Re: The X509Data Element clarification...

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 13 Feb 2001 17:58:19 -0500
Message-Id: <4.3.2.7.2.20010213175523.02b18520@rpcp.mit.edu>
To: "Donald E. Eastlake 3rd" <lde008@dma.isg.mot.com>
Cc: Rich Salz <rsalz@caveosystems.com>, w3c-ietf-xmldsig@w3.org, lde008@dma.isg.mot.com

At 10:51 2/13/2001 -0500, Donald E. Eastlake 3rd wrote:
> >> All X509IssuerSerial, X509SKI, and X509SubjectName elements must refer
> >> to certificates with the validation key.  However, because you can
> >> have multiple certificates for the same key in the same X509Data
> >> element, there may be multiple such elements referring to different
> >> certificates or, of course, the same element.
> >I assume you mean "certificate" for that last word.
>Yes.
> >Also, what about something like "No ordering is implied."
>Sounds reasonable.

I'm trying to integrate this paragraph:

>All X509IssuerSerial, X509SKI, and X509SubjectName elements must refer to
>certificates containing the validation key. However, since multiple
>certificates for the same key are permitted in the same X509Data element,
>there may be multiple such elements referring to different certificates or,
>of course, the same certificate. No ordering of these element types is
>implied.

with this paragraph:

>Multiple declarations about a single certificate (e.g., a X509SubjectName 
>and X509IssuerSerial element) MUST be grouped inside a single X509Data 
>element; multiple declarations about the same key but different X509 
>certificates (related to that single key) MUST be grouped within a single 
>KeyInfo element but MAY occur in multiple X509Data elements.

in a way that is comprehensible, but it's not working too well. Someone else 
want to suggest some text?


__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Tuesday, 13 February 2001 17:58:35 GMT
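
Added example (not part of the original message or of the specification text): a Python check of the two quoted paragraphs against a KeyInfo element. The certificate records, the helper names and the sample documents are constructed for illustration; the check assumes the validation key is the single key that every identifier must resolve to, and it compares names as exact strings.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple
DS = "{http://www.w3.org/2000/09/xmldsig#}"
Cert = namedtuple("Cert", "id key subject ski issuer serial")
# Constructed records standing in for parsed certificates; A and B share key K1.
CERTS = [Cert("A", "K1", "CN=Signer,O=Example", "AAEC", "CN=CA One,O=Example", "1001"),
         Cert("B", "K1", "CN=Signer,OU=Renewed,O=Example", "AAEC", "CN=CA Two,O=Example", "2002"),
         Cert("C", "K2", "CN=Other,O=Example", "BBFD", "CN=CA One,O=Example", "1002")]

def matches(el):  # certificates named by an identifier element; None for any other child
    tag, text = el.tag.replace(DS, ""), (el.text or "").strip()
    field = {"X509SubjectName": "subject", "X509SKI": "ski"}.get(tag)
    if field:  # simplification: exact string comparison, no DN normalisation
        return [c for c in CERTS if getattr(c, field) == text]
    if tag == "X509IssuerSerial":
        pair = tuple(el.findtext(DS + n, "").strip() for n in ("X509IssuerName", "X509SerialNumber"))
        return [c for c in CERTS if (c.issuer, c.serial) == pair]
    return None

def check_keyinfo(xml_text):
    """Return the violations of the two quoted paragraphs (empty list if none)."""
    problems, keys, seen_in = [], set(), {}
    for idx, data in enumerate(ET.fromstring(xml_text).iter(DS + "X509Data")):
        for el in data:
            certs = matches(el)
            if certs is None:
                continue
            if not certs:
                problems.append(f"X509Data[{idx}]: unresolved {el.tag.replace(DS, '')}")
            keys.update(c.key for c in certs)
            if len(certs) == 1:  # an X509SKI can name several certificates; skip those
                seen_in.setdefault(certs[0].id, set()).add(idx)
    if len(keys) > 1:
        problems.append(f"more than one key referenced: {sorted(keys)}")
    problems += [f"certificate {cid} split across {len(where)} X509Data elements"
                 for cid, where in sorted(seen_in.items()) if len(where) > 1]
    return problems

def key_info(*groups):  # each argument is the inner XML of one X509Data element
    body = "".join(f"<X509Data>{g}</X509Data>" for g in groups)
    return f'<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">{body}</KeyInfo>'

# Constructed sample documents.
SUBJ_A = "<X509SubjectName>CN=Signer,O=Example</X509SubjectName>"
SUBJ_B = "<X509SubjectName>CN=Signer,OU=Renewed,O=Example</X509SubjectName>"
ISER_A = ("<X509IssuerSerial><X509IssuerName>CN=CA One,O=Example</X509IssuerName>"
          "<X509SerialNumber>1001</X509SerialNumber></X509IssuerSerial>")
GOOD = key_info(ISER_A + SUBJ_A, SUBJ_B)              # A grouped; B shares the key
SPLIT = key_info(ISER_A, SUBJ_A)                       # declarations about A split up
MIXED = key_info(SUBJ_A + "<X509SKI>BBFD</X509SKI>")   # the SKI names a K2 certificate
```

`check_keyinfo(GOOD)` returns an empty list, while `SPLIT` and `MIXED` each return one violation.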