
Re: Indicating certificate order in XML Dig Sig

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 20 Jun 2011 13:13:28 +0000
To: <marcosscaceres@gmail.com>
CC: <Frederick.Hirsch@nokia.com>, <public-webapps@w3.org>, <public-xmlsec@w3.org>, <tlr@w3.org>, <kai.hendry@wacapps.net>, <paddy.byers@gmail.com>
Message-ID: <EF04530E-C9BC-4882-AEAF-E685C7C10CFA@nokia.com>

No, there is currently no such definition of certificate order in XML Signature.

I believe this question was answered correctly on the Aleksey xmlsec development list in the message after the one you quoted, which is why I didn't join the discussion:


This is not part of the XML Security specifications but rather how certs are defined and used. The cert itself can indicate its purpose.

regards, Frederick

Frederick Hirsch

On Jun 20, 2011, at 8:37 AM, ext Marcos Caceres wrote:

> Hi,
> Is there some means to explicitly indicate the order in which
> certificates in an xml dig sig file should be processed? The problem
> is that if you screw up the certificate order in the xml file, the
> validator (e.g., xmlsec) does not know which cert is the end-entity.
> See also the following from Aleksey Sanin, which provides a bit more detail:
> http://www.aleksey.com/pipermail/xmlsec/2011/009174.html
> TLR, Frederick, or members of XMLSec, maybe you could comment?
> Kind regards,
> Marcos
> -- 
> Marcos Caceres
> http://datadriven.com.au
Received on Monday, 20 June 2011 13:14:32 UTC
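
An added illustration of the point made in this thread, not code from the thread, from xmlsec, or from the XML Signature specification: a validator can recover the end-entity and chain order from the certificates themselves, whatever order they appear in. The `Cert` tuple and `order_chain` function are hypothetical names, the sample certificates are constructed, and the code assumes the subject, issuer and basicConstraints CA flag have already been parsed out of each `X509Certificate` element.

```python
from typing import List, NamedTuple


class Cert(NamedTuple):
    subject: str   # subject distinguished name
    issuer: str    # issuer distinguished name
    is_ca: bool    # basicConstraints cA flag: the cert states its own role


def order_chain(certs: List[Cert]) -> List[Cert]:
    """Order an unordered bag of certs end-entity first, then its issuers."""
    by_subject = {c.subject: c for c in certs}
    if len(by_subject) != len(certs):
        raise ValueError("duplicate subject names in certificate set")
    # Names that issued some other cert; a self-signed root does not count.
    issuers = {c.issuer for c in certs if c.issuer != c.subject}
    # End-entity: issued nothing in the set and does not claim to be a CA.
    leaves = [c for c in certs if c.subject not in issuers and not c.is_ca]
    if len(leaves) != 1:
        raise ValueError(f"expected one end-entity, found {len(leaves)}")
    chain, seen = [leaves[0]], {leaves[0].subject}
    while True:
        cur = chain[-1]
        parent = by_subject.get(cur.issuer)
        # Stop at a self-signed root or when the issuer is not in the set
        # (it may be a locally configured trust anchor).
        if cur.issuer == cur.subject or parent is None:
            return chain
        if parent.subject in seen:
            raise ValueError("issuer loop in certificate set")
        if not parent.is_ca:
            raise ValueError(f"{parent.subject} issued a cert but is not a CA")
        chain.append(parent)
        seen.add(parent.subject)


# Constructed sample data. Name matching only orders the chain; each link
# still needs signature and validity checks before it is trusted.
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA", True)
INTER = Cert("CN=Example Intermediate CA", "CN=Example Root CA", True)
LEAF = Cert("CN=widget-author.example", "CN=Example Intermediate CA", False)

if __name__ == "__main__":
    for c in order_chain([ROOT, LEAF, INTER]):   # deliberately out of order
        print(c.subject)
```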
