W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2011

Re: Additional 1.1 Requirements update completed

From: <Frederick.Hirsch@nokia.com>
Date: Tue, 25 Jan 2011 16:58:57 +0100
To: <mnystrom@microsoft.com>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <BEB88119-F919-4095-B3BC-71C93FA1CD3B@nokia.com>
Magnus

Thanks for the correction, I have updated the editors draft with this change.

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html#issueserial

regards, Frederick

Frederick Hirsch
Nokia



On Jan 25, 2011, at 10:23 AM, ext Magnus Nystrom wrote:

> Frederick,
> I think this looks pretty good. I would suggest to make one change, in the text for X509IssuerSerial:
> 
> To:
> 
> "The X509SerialNumber child element of the ds:X509IssuerSerialType XML Schema type was defined to be an integer holding an X.509 certificate's serial number. XML Schema validators may not support integer types with decimal data exceeding 18 decimal digits [XMLSCHEMA-2] and this maximum length has proven insufficient as many Certificate Authorities issue certificates with large random serial numbers that exceed this limit. A new element is defined in XML Signature 1.1 with a different type definition, the sig11:X509Digest element, and a warning that deployments that make use of the X509IssuerSerial element should take care if schema validation is involved."
> 
> -- Magnus
> 
> 
>> -----Original Message-----
>> From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org]
>> On Behalf Of Frederick.Hirsch@nokia.com
>> Sent: Monday, January 24, 2011 7:59 AM
>> To: public-xmlsec@w3.org
>> Cc: Frederick.Hirsch@nokia.com
>> Subject: Additional 1.1 Requirements update completed
>> 
>> I completed an additional editorial update to the 1.1 Requirements draft [1].
>> 
>> In particular, I added a new section "3.4 Correct known issues" with material
>> describing the rationale for the changes for X509Digest, KeyInfoReference,
>> DEREncodedKeyValue, and OCSPResponse elements.
>> 
>> I also added notes to the algorithms section where the choice of algorithm
>> requirement differs in 1.1 from the proposal.
>> 
>> Finally, fixed some spelling.
>> 
>> Please review the revised draft (in particular the new section)  and propose any
>> changes if needed.
>> 
>> I believe with these changes we will be able to publish an updated draft of this
>> requirements document. If any concerns please indicate on the list early this
>> week.
>> 
>> Thanks
>> 
>> regards, Frederick
>> 
>> Frederick Hirsch
>> Nokia
>> 
>> [1] http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html
>> 
>> 
>> 
> 
Received on Tuesday, 25 January 2011 16:00:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 25 January 2011 16:00:03 GMT