W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2009

Re: ACTION-166: Warning on X509IssuerSerial

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Tue, 20 Jan 2009 08:06:55 -0500
To: cantor.2@osu.edu
Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Message-id: <4975CC6F.1040303@sun.com>

Scott Cantor wrote:
> Suggested text for the end of section 4.4.4, after the new certificate
> encoding language:
> 
> "Deployments that expect to make use of the X509IssuerSerial element should
> be aware that many Certificate Authorities issue certificates with large,
> random serial numbers. Such deployments should avoid schema-validating the
> X509IssuerSerial element. XML Schema validators may not support decimal data
> types with more than 18 decimal digits [XML-schema]."

Is "many" CAs accurate? Is "some" a better word? Also might want to change:

"may not support decimal data ..."

to

"may not support integer types with decimal data ..."

to be a little more specific.

> 
> I was considering that it might be useful to also include a sentence
> indicating that a future version of the specification would correct this
> problem, but don't know what people think about that.

Probably not good to make any promises ...

--Sean
Received on Tuesday, 20 January 2009 13:07:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT