W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2011

Re: XML Signature 1.1 KeyInfo requirements

From: Cantor, Scott E. <cantor.2@osu.edu>
Date: Wed, 29 Jun 2011 19:32:30 +0000
To: Sean Mullan <sean.mullan@oracle.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <CA30F4FA.EB48%cantor.2@osu.edu>
On 6/29/11 3:24 PM, "Sean Mullan" <sean.mullan@oracle.com> wrote:
>
>These requirements seem like they should be revisited, especially since a
>later 
>section says to avoid RetrievalMethod because of potential security
>concerns 
>(see Note in section 4.5.10).

I think we missed that text making it a SHOULD, actually.

> Also, does this imply that all KeyValues must be
>supported?

Strictly speaking all it says is KeyValue itself, not any particular child
elements. Could be clearer.

> I would think it should only be supported if there is a required
>signature algorithm for the corresponding key type. Had there ever been
>any 
>discussion about updating the list of required KeyInfo types?

I think the most that would happen is clarifying your point about
KeyValue, and *maybe* making KeyInfoReference a should. All the other new
stuff was explicitly insisted on as optional as a condition of adding them.

-- Scott
Received on Wednesday, 29 June 2011 19:33:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 29 June 2011 19:33:01 GMT