Barb,

Thanks to Brian's comments I understand now the idea is for KeyInfo to serve as a "hint" and little/nothing more. However, I still fail to see where KeyValue provides anything in the way of "base interoperability" where a PKI application receives a key via KeyValue from a non-PKI application and thus fail to see why KeyValue is required. It seems only to provide enough interoperability for a non-PKI application to deliver a key that cannot be validated to a PKI application. Without clarification in the text as to the intent, I believe the structures provide too much of an invitation to be used in a manner not consistent with the intent.

As for the DSA parameters, since using them directly from a KeyValue is not the idea, why mandate their inclusion? Certainly there would be no harm in relaxing the requirement that every KeyValue include them; a simple minOccurs=0 seems appropriate. It would definitely save many bits spent on information that's really more nice to have than necessary for many/most implementations.

-Carl

Received on Monday, 13 March 2000 19:31:49 GMT