W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2011

Re: Indicating certificate order in XML Dig Sig

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Mon, 27 Jun 2011 18:05:34 +0100
Message-ID: <BANLkTi=2CWW45z-YjqPzYOztL11HX8dtGQ@mail.gmail.com>
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Cc: public-webapps <public-webapps@w3.org>, Thomas Roessler <tlr@w3.org>, "Frederick.Hirsch@nokia.com" <frederick.hirsch@nokia.com>, Kai Hendry <kai.hendry@wacapps.net>, Paddy Byers <paddy.byers@gmail.com>
On Mon, Jun 20, 2011 at 3:21 PM, Cantor, Scott E. <cantor.2@osu.edu> wrote:
> On 6/20/11 8:37 AM, "Marcos Caceres" <marcosscaceres@gmail.com> wrote:
>>Is there some means to explicitly indicate the order in which
>>certificates in an xml dig sig file should be processed? The problem
>>is that if you screw up the certificate order in the xml file, the
>>validator (e.g,. xmlsec) does not know which cert is the end-entity.
>
> BP is EE first, the rest after (and technically the order of the rest
> isn't supposed to matter).

Can I get an assurance from the XML Sec working group that a
non-normative note will be added to the XML Dig Sig specification wrt
to this best practice? Please consider this comment implementer
feedback on the CR.

-- 
Marcos Caceres
http://datadriven.com.au
Received on Monday, 27 June 2011 17:06:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 June 2011 17:06:22 GMT