
Re: Indicating certificate order in XML Dig Sig

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 20 Jun 2011 13:13:28 +0000
To: <marcosscaceres@gmail.com>
CC: <Frederick.Hirsch@nokia.com>, <public-webapps@w3.org>, <public-xmlsec@w3.org>, <tlr@w3.org>, <kai.hendry@wacapps.net>, <paddy.byers@gmail.com>
Message-ID: <EF04530E-C9BC-4882-AEAF-E685C7C10CFA@nokia.com>

Marcos

No, there is currently no such definition of certificate order in XML Signature.

I believe this question was answered correctly on the Aleksey xmlsec development list in the message after the one you quoted, which is why I didn't join the discussion:

http://www.aleksey.com/pipermail/xmlsec/2011/009175.html

This is not part of the XML Security specifications but rather how certs are defined and used. The cert itself can indicate its purpose.

regards, Frederick

Frederick Hirsch
Nokia



On Jun 20, 2011, at 8:37 AM, ext Marcos Caceres wrote:

> Hi,
> Is there some means to explicitly indicate the order in which
> certificates in an xml dig sig file should be processed? The problem
> is that if you screw up the certificate order in the xml file, the
> validator (e.g., xmlsec) does not know which cert is the end-entity.
> 
> See also the following from Aleksey Sanin, which provides a bit more detail:
> 
> http://www.aleksey.com/pipermail/xmlsec/2011/009174.html
> 
> TLR, Frederick, or members of XMLSec, maybe you could comment?
> 
> Kind regards,
> Marcos
> 
> -- 
> Marcos Caceres
> http://datadriven.com.au
Received on Monday, 20 June 2011 13:14:32 GMT
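
Added example, not part of the original thread and not xmlsec's code: one way a validator can find the end-entity certificate without relying on the order of the certificates in the signature file, using only what each certificate says about itself. Assumptions: the `Cert` record, the sample names, and the reject-a-CA-leaf policy are constructed for illustration, and chaining is by subject/issuer name only; a real validator parses these fields from the DER certificates and still verifies every signature against its trust anchors.

```python
from collections import namedtuple

# Constructed stand-in for the fields read from each bundled certificate:
# subject name, issuer name, and the basicConstraints CA flag.
Cert = namedtuple("Cert", "subject issuer is_ca")

def order_chain(certs):
    """Return the certificates end-entity first, whatever order they arrived in."""
    by_subject = {c.subject: c for c in certs}
    if len(by_subject) != len(certs):
        raise ValueError("duplicate subject names; order is ambiguous")
    # Names that issued another certificate in the set (self-signed roots excluded).
    issuers = {c.issuer for c in certs if c.issuer != c.subject}
    # The end-entity is the one certificate that issued nothing in the set.
    leaves = [c for c in certs if c.subject not in issuers]
    if len(leaves) != 1:
        raise ValueError(f"expected 1 end-entity candidate, found {len(leaves)}")
    leaf = leaves[0]
    if leaf.is_ca:
        # Policy assumed by this example: a signing certificate is not a CA.
        raise ValueError("end-entity candidate asserts CA=TRUE")
    chain, seen = [leaf], {leaf.subject}
    while chain[-1].issuer != chain[-1].subject:      # stop at a self-signed root
        parent = by_subject.get(chain[-1].issuer)
        if parent is None:
            break                                     # issuer not bundled; trust store must supply it
        if parent.subject in seen:
            raise ValueError("issuer loop in certificate set")
        if not parent.is_ca:
            raise ValueError(f"{parent.subject} issued a certificate but is not a CA")
        chain.append(parent)
        seen.add(parent.subject)
    if len(chain) != len(certs):
        raise ValueError("certificates unrelated to the chain are present")
    return chain

if __name__ == "__main__":
    # Constructed sample set, deliberately listed root first.
    sample = [
        Cert("CN=Example Root", "CN=Example Root", True),
        Cert("CN=Signer", "CN=Example Issuing CA", False),
        Cert("CN=Example Issuing CA", "CN=Example Root", True),
    ]
    for cert in order_chain(sample):
        print(cert.subject)
```

The ordering step only decides which certificate to treat as the signer; it is not a trust decision, and a set with zero or several end-entity candidates is rejected rather than guessed at.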
