W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2001

Re: AW: Poll: Limiting KeyValue to a single Instance?

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 21 Feb 2001 09:39:54 -0500
Message-Id: <200102211439.JAA0000017917@torque.pothole.com>
To: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>

I don't see why there can't be a signature algorithm that has two
different and mutually non-converable public keys.  Or there could be
some improvement in the format of a key such that it is desireable to
use the new key format in KeyValue but, during a trasition period,
provide the old format in another KeyValue for interoperability.  Or
some other bizarre reason for two KeyValue elements. I certainly admit
that these are pretty far fetched and unlikely but they don't seem
impossible.

While KeyValue is supposed to be a validation key, "certificates" of
various sorts can just be parts of chains from widley known keys to a
validation key.

One possibility is to just be handed a bag of certificates with no
information about which one has a validation key in it. So it seems to
me that most XMLDSIG implementation are going to have to have a
mechanism for trying N keys to see if any works anyway.

Donald

From:  "Gregor Karlinger" <gregor.karlinger@iaik.at>
To:  "TAMURA Kent" <kent@trl.ibm.co.jp>, "Joseph M. Reagle Jr." <reagle@w3.org>
Cc:  "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Date:  Wed, 21 Feb 2001 08:45:57 +0100
Message-ID:  <NDBBIMACDKCOPBLEJCCDGEBHDCAA.gregor.karlinger@iaik.at>
In-Reply-To:  <200102210453.NAA24312@ns.trl.ibm.com>

>Kent, Joseph,
>
>> A KeyInfo element represents information about *a* key, doesn't it?
>> 
>> 4.4 The KeyInfo Element, 2nd paragraph:
>> >> Multiple declarations within KeyInfo refer to the same key. 
>
>In 4.4, 1st paragraph it says:
>
>  "KeyInfo may contain keys, names, certificates and other 
>   public key management information"
>
>According to this sentence, several KeyValue clauses in KeyInfo,
>refering to different keys would be possible. What is really intended?
>
>Regards, Gregor
>---------------------------------------------------------------
>DI Gregor Karlinger
>mailto:gregor.karlinger@iaik.at
>http://www.iaik.at
>Phone +43 316 873 5541
>Institute for Applied Information Processing and Communications
>Austria
>---------------------------------------------------------------
> 
>
Received on Wednesday, 21 February 2001 09:39:56 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:12 GMT