W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Re: including X509 Certificate Chains in Signature

From: Ken Goldman <kgold@watson.ibm.com>
Date: Wed, 28 Jun 2000 14:34:21 -0400
Message-Id: <200006281834.OAA38774@alpha.watson.ibm.com>
To: w3c-ietf-xmldsig@w3.org
I too asked this question.

As I remember, the general answer was "it's up to the application" and
"it's outside DSIG".

I am concerned, as a typical application developer might not
understand anything about certificates, trust a generic DSIG
verifier, and accept a document with a fake certificate.

> Date: Fri, 23 Jun 2000 15:13:52 -0700
> From: Kevin Regan <kevinr@valicert.com>
> I have an understand of how a certificate can be included in
> the signature (S 4.4.4).  However, I'm not sure how an entire
> certificate chain might be included.  Is there an example of
> this anywhere?

Ken Goldman   kgold@watson.ibm.com   914-784-7646
Received on Wednesday, 28 June 2000 14:34:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC