W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2011

Indicating certificate order in XML Dig Sig

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Mon, 20 Jun 2011 14:37:51 +0200
Message-ID: <BANLkTi=U5Xv4h3Qgj2Ft_4xDK0-Gbaz6zw@mail.gmail.com>
To: public-webapps <public-webapps@w3.org>, XMLSec <public-xmlsec@w3.org>
Cc: Thomas Roessler <tlr@w3.org>, Frederick Hirsch <frederick.hirsch@nokia.com>, Kai Hendry <kai.hendry@wacapps.net>, Paddy Byers <paddy.byers@gmail.com>
Hi,
Is there some means to explicitly indicate the order in which
certificates in an xml dig sig file should be processed? The problem
is that if you screw up the certificate order in the xml file, the
validator (e.g,. xmlsec) does not know which cert is the end-entity.

See also the following from Aleksey Sanin's, which provides a bit more detail:

http://www.aleksey.com/pipermail/xmlsec/2011/009174.html

TLR, Frederick, or members of XMLSec, maybe you could comment?

Kind regards,
Marcos

-- 
Marcos Caceres
http://datadriven.com.au
Received on Monday, 20 June 2011 12:39:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 20 June 2011 12:39:03 GMT