Proposal for resolution of ACTION-404

Regarding ACTION-404 ("Draft language that codifies history why DERKeyValue is not child of KeyValue (for section 4.4 of xmldsig-core1)"), I propose to add the following text to the end of Section 4.5.9:

Historical note: The DEREncodedKeyValue element was added to XML Signature 1.1 in order to support certain interoperability scenarios where at least one of the signer and/or verifier is not able to serialize keys in the XML formats described in Section 4.5.2 above. The KeyValue element is to be used for "bare" XML key representations (not XML wrappings around other binary encodings like ASN.1 DER); for this reason the DEREncodedKeyValue element is not a child of KeyValue, since no further structure is included. The DEREncodedKeyValue element is also not a child of the X509Data element, as the keys represented by DEREncodedKeyValue may not have X.509 certificates associated with them (a requirement for X509Data).

                                                                                --bal

Received on Tuesday, 15 December 2009 08:01:36 UTC