W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

Re: X509Data tweaks

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 16 Aug 2000 17:16:26 -0400
Message-Id: <200008162116.RAA14222@torque.pothole.com>
To: Kevin Regan <kevinr@valicert.com>
cc: w3c-ietf-xmldsig@w3.org

I would say because the spec was being interpreted to prohibit having
any cert in KeyInfo except ones with the signature verifying public
key in them and requireing the use of RetrievalMethod to indicate
any other related certs.

Donald

From:  Kevin Regan <kevinr@valicert.com>
Message-ID:  <27FF4FAEA8CDD211B97E00902745CBE201AB44F9@seine.valicert.com>
To:  tgindin@us.ibm.com, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc:  w3c-ietf-xmldsig@w3.org
Date:  Wed, 16 Aug 2000 13:46:37 -0700

>I'm curious why the leaning is now towards multiple certificates
>in a single X509Data rather than 1 certificate per X509Data with
>multiple X509Data elements?  Is there a good reason for this?  If not,
>I don't think it would be appropriate to change the spec at this
>point...
>
>--Kevin
Received on Wednesday, 16 August 2000 17:13:42 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:10 GMT