
Re: proposed XML Signature 1.1 addition

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Thu, 14 Jan 2010 17:43:21 -0500
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <2A34E9FA-AB27-4B62-BEA4-BBDE6B23216F@nokia.com>
To: ext Sean Mullan <Sean.Mullan@Sun.COM>
Sean

I thought we discovered a use case, but I think it was a SKI use case,  
so I suspect we won't need this after all (unless I can nail down a  
clear case).

I'd prefer no more last minute changes, so thanks for the reality check.

regards, Frederick

Frederick Hirsch
Nokia



On Jan 14, 2010, at 3:34 PM, ext Sean Mullan wrote:

> I question the value of this. The AKID does not help identify the
> signer's certificate, it helps identify the CA certificate that
> issued/signed it. Can you describe a use case for how this would be used?
>
> --Sean
>
> Frederick Hirsch wrote:
>> [not as chair]
>>
>> Would it be possible to add a new element to XML Signature 1.1, namely
>> X509AKI - I view this as along the same lines as the added OCSP element.
>>
>> Proposal:
>>
>> Add dsig11:X509AKI to list in #1 in section 4.5.4 The X509Data Element
>>
>> The X509AKI element which contains the base64 encoded plain (i.e.
>> non-DER-encoded) value of an X509 V.3 Authority Key Identifier extension.
>>
>> with schema
>> <element name="X509AKI" type="base64Binary"/>
>> ---
>>
>> I've gotten feedback that this would be helpful and would like to propose
>> we add it before Last Call.
>>
>> Thanks
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>>
>
Received on Thursday, 14 January 2010 22:43:56 GMT
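
The SKI/AKI distinction raised in this thread, as an added example that is not part of the original messages or of the XML Signature specification. The certificate store and KeyInfo fragment are constructed, `X509AKI` is the element proposed above (not an adopted one), and its content is assumed to be the keyIdentifier octets.

```python
import base64
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
DSIG11 = "http://www.w3.org/2009/xmldsig11#"

# Constructed certificate store: key identifiers as hex strings.
# Both end-entity certificates were issued by the same CA, so they share an AKI.
STORE = [
    {"subject": "CN=Example CA", "ski": "a1" * 20, "aki": "a1" * 20},
    {"subject": "CN=alice", "ski": "b2" * 20, "aki": "a1" * 20},
    {"subject": "CN=bob", "ski": "c3" * 20, "aki": "a1" * 20},
]


def b64(hexstr):
    return base64.b64encode(bytes.fromhex(hexstr)).decode()


# Constructed X509Data fragment. X509SKI is an existing dsig element;
# dsig11:X509AKI is hypothetical (the proposal in this thread).
KEYINFO = f"""<X509Data xmlns="{DSIG}" xmlns:dsig11="{DSIG11}">
  <X509SKI>{b64("b2" * 20)}</X509SKI>
  <dsig11:X509AKI>{b64("a1" * 20)}</dsig11:X509AKI>
</X509Data>"""


def key_id(x509data, qname):
    """Return the decoded key identifier as hex, or None if the element is absent."""
    el = x509data.find(qname)
    if el is None or not (el.text or "").strip():
        return None
    return base64.b64decode(el.text.strip(), validate=True).hex()


def candidates(xml_text, store):
    """Resolve the hints in X509Data against the store.

    Returns (certs matching the SKI, certs matching the AKI, issuer certs).
    """
    root = ET.fromstring(xml_text)
    ski = key_id(root, f"{{{DSIG}}}X509SKI")
    aki = key_id(root, f"{{{DSIG11}}}X509AKI")
    by_ski = [c["subject"] for c in store if ski and c["ski"] == ski]
    by_aki = [c["subject"] for c in store if aki and c["aki"] == aki]
    # The AKI of a certificate equals the SKI of the certificate that issued it.
    issuer = [c["subject"] for c in store if aki and c["ski"] == aki]
    return by_ski, by_aki, issuer
```

The SKI hint selects exactly one signer certificate, while the AKI hint matches every certificate under the same CA and only pins down the issuer.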
