
updated Signature 1.1 and 2.0 for KeyInfoReference

From: <Frederick.Hirsch@nokia.com>
Date: Tue, 2 Aug 2011 17:41:19 +0000
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <F21B1B05-0D54-4887-8465-1AFBC5D775D7@nokia.com>

As agreed on today's call, I updated the second paragraph in the KeyInfo section of XML Signature 1.1 and XML Signature 2.0 to have SHOULD for KeyInfoReference and not RetrievalMethod, as follows:

[[
While applications may define and use any mechanism they choose through inclusion of elements from a different namespace, compliant versions must implement KeyValue (section 4.5.2 The KeyValue Element<http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#sec-KeyValue>) and should implement KeyInfoReference (section 4.5.10 The KeyInfoReference Element<http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#sec-KeyInfoReference>).
]]

Section 4.5 in XML Signature 1.1, http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.html#sec-KeyInfo

Likewise in XML Signature 2.0, section 7, http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-KeyInfo

[[
If KeyInfo is omitted, the recipient is expected to be able to identify the key based on application context. Multiple declarations within KeyInfo refer to the same key. While applications may define and use any mechanism they choose through inclusion of elements from a different namespace, compliant versions must implement KeyValue (section 7.2 The KeyValue Element<http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-KeyValue>) and should implement KeyInfoReference (section 7.10 The dsig11:KeyInfoReference Element<http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/#sec-KeyInfoReference>).
]]

This should complete ACTION-816.

regards, Frederick

Frederick Hirsch
Nokia
Received on Tuesday, 2 August 2011 17:42:01 UTC
