W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2011

Re: Indicating certificate order in XML Dig Sig

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Mon, 20 Jun 2011 15:25:01 +0200
Message-ID: <BANLkTi=mVK+cskEm7+Q0adRNjn_Why4eyg@mail.gmail.com>
To: Frederick.Hirsch@nokia.com
Cc: public-webapps@w3.org, public-xmlsec@w3.org, tlr@w3.org, kai.hendry@wacapps.net, paddy.byers@gmail.com
Hi Frederick,

On Mon, Jun 20, 2011 at 3:13 PM,  <Frederick.Hirsch@nokia.com> wrote:
> Marcos
>
> No there is currently no such definition of certificate order in XML Signature.
>
> I believe this question was answered correctly on the aleksey xmlsec development list in the message after the one you quoted, which is why I didn't join the discussion:
>
> http://www.aleksey.com/pipermail/xmlsec/2011/009175.html
>
> This is not part of the XML Security specifications but rather how certs are defined and used. The cert itself can indicate its purpose.

Ok, that is fine. Thank you for the explanation. Perhaps a
non-normative note is needed in both XML Dig Sig and Widgets Dig Sig
that informs developers that this issue might occur. Lacking any other
facility, developers should ensure their certificates are in the
correct tree order if they want them processed properly.

Kind regards,
Marcos


-- 
Marcos Caceres
http://datadriven.com.au
Received on Monday, 20 June 2011 13:25:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 20 June 2011 13:25:51 GMT