W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Re: including X509 Certificate Chains in Signature

From: Ken Goldman <kgold@watson.ibm.com>
Date: Wed, 28 Jun 2000 14:34:21 -0400
Message-Id: <200006281834.OAA38774@alpha.watson.ibm.com>
To: w3c-ietf-xmldsig@w3.org
I too asked this question.

As I remember, the general answer was "it's up to the application" and
"it's outside DSIG".

I am concerned, as a typical application developer might not
understand anything about certificates, trust a generic DSIG
verifier, and accept a document with a fake certificate.

> Date: Fri, 23 Jun 2000 15:13:52 -0700
> From: Kevin Regan <kevinr@valicert.com>
> 
> I have an understand of how a certificate can be included in
> the signature (S 4.4.4).  However, I'm not sure how an entire
> certificate chain might be included.  Is there an example of
> this anywhere?

-- 
Ken Goldman   kgold@watson.ibm.com   914-784-7646
Received on Wednesday, 28 June 2000 14:34:32 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT