W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2011

RE: Additional 1.1 Requirements update completed

From: Magnus Nystrom <mnystrom@microsoft.com>
Date: Tue, 25 Jan 2011 15:23:34 +0000
To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <D744D68428430B4F9C81DE8A4D59506811F30477@TK5EX14MBXW602.wingroup.windeploy.ntdev.microsoft.com>
I think this looks pretty good. I would suggest to make one change, in the text for X509IssuerSerial:


"The X509SerialNumber child element of the ds:X509IssuerSerialType XML Schema type was defined to be an integer holding an X.509 certificate's serial number. XML Schema validators may not support integer types with decimal data exceeding 18 decimal digits [XMLSCHEMA-2] and this maximum length has proven insufficient as many Certificate Authorities issue certificates with large random serial numbers that exceed this limit. A new element is defined in XML Signature 1.1 with a different type definition, the sig11:X509Digest element, and a warning that deployments that make use of the X509IssuerSerial element should take care if schema validation is involved."

-- Magnus

> -----Original Message-----
> From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org]
> On Behalf Of Frederick.Hirsch@nokia.com
> Sent: Monday, January 24, 2011 7:59 AM
> To: public-xmlsec@w3.org
> Cc: Frederick.Hirsch@nokia.com
> Subject: Additional 1.1 Requirements update completed
> I completed an additional editorial update to the 1.1 Requirements draft [1].
> In particular, I added a new section "3.4 Correct known issues" with material
> describing the rationale for the changes for X509Digest, KeyInfoReference,
> DEREncodedKeyValue, and OCSPResponse elements.
> I also added notes to the algorithms section where the choice of algorithm
> requirement differs in 1.1 from the proposal.
> Finally, fixed some spelling.
> Please review the revised draft (in particular the new section)  and propose any
> changes if needed.
> I believe with these changes we will be able to publish an updated draft of this
> requirements document. If any concerns please indicate on the list early this
> week.
> Thanks
> regards, Frederick
> Frederick Hirsch
> Nokia
> [1] http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html
Received on Tuesday, 25 January 2011 15:24:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:15 UTC