
Re: AW: Poll: Limiting KeyValue to a single Instance?

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 21 Feb 2001 09:39:54 -0500
Message-Id: <200102211439.JAA0000017917@torque.pothole.com>
To: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>

I don't see why there can't be a signature algorithm that has two
different and mutually non-convertible public keys.  Or there could be
some improvement in the format of a key such that it is desirable to
use the new key format in KeyValue but, during a transition period,
provide the old format in another KeyValue for interoperability.  Or
some other bizarre reason for two KeyValue elements. I certainly admit
that these are pretty far-fetched and unlikely but they don't seem

While KeyValue is supposed to be a validation key, "certificates" of
various sorts can just be parts of chains from widely known keys to a
validation key.

One possibility is to just be handed a bag of certificates with no
information about which one has a validation key in it. So it seems to
me that most XMLDSIG implementations are going to have to have a
mechanism for trying N keys to see if any works anyway.


From:  "Gregor Karlinger" <gregor.karlinger@iaik.at>
To:  "TAMURA Kent" <kent@trl.ibm.co.jp>, "Joseph M. Reagle Jr." <reagle@w3.org>
Cc:  "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Date:  Wed, 21 Feb 2001 08:45:57 +0100
Message-ID:  <NDBBIMACDKCOPBLEJCCDGEBHDCAA.gregor.karlinger@iaik.at>
In-Reply-To:  <200102210453.NAA24312@ns.trl.ibm.com>

>Kent, Joseph,
>> A KeyInfo element represents information about *a* key, doesn't it?
>> 4.4 The KeyInfo Element, 2nd paragraph:
>> >> Multiple declarations within KeyInfo refer to the same key. 
>In 4.4, 1st paragraph it says:
>  "KeyInfo may contain keys, names, certificates and other 
>   public key management information"
>According to this sentence, several KeyValue clauses in KeyInfo,
>referring to different keys would be possible. What is really intended?
>Regards, Gregor
>DI Gregor Karlinger
>Phone +43 316 873 5541
>Institute for Applied Information Processing and Communications
Received on Wednesday, 21 February 2001 09:39:56 UTC
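
The "try N keys to see if any works" mechanism discussed in this message, as an added example that is not code from the thread or from the XMLDSIG specification. It walks every KeyValue in a KeyInfo and reports which one validates; the function names are hypothetical, the keys and data are constructed, and unpadded RSA over a SHA-256 digest stands in for the real canonicalization and signature encoding.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def b64_int(n):
    return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, "big")).decode()

def int_b64(text):
    return int.from_bytes(base64.b64decode(text), "big")

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def candidate_keys(keyinfo_xml):
    """Yield (position, modulus, exponent) for each RSAKeyValue inside KeyInfo."""
    for pos, kv in enumerate(ET.fromstring(keyinfo_xml).iter(DS + "KeyValue")):
        rsa = kv.find(DS + "RSAKeyValue")
        if rsa is None:
            continue  # key type this validator does not handle: skip it
        yield pos, int_b64(rsa.findtext(DS + "Modulus")), int_b64(rsa.findtext(DS + "Exponent"))

def validate_with_any(keyinfo_xml, data, signature):
    """Return the position of the first KeyValue that validates, else None."""
    h = digest_int(data)
    for pos, n, e in candidate_keys(keyinfo_xml):
        if 0 <= signature < n and pow(signature, e, n) == h:
            return pos
    return None

# --- constructed sample input (Mersenne-prime keys: runnable, NOT secure) ---
def make_key(p, q, e=65537):
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (n, e, d)

def keyinfo(*keys):
    kvs = "".join(
        f"<KeyValue><RSAKeyValue><Modulus>{b64_int(n)}</Modulus>"
        f"<Exponent>{b64_int(e)}</Exponent></RSAKeyValue></KeyValue>"
        for n, e, _ in keys)
    return f'<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">{kvs}</KeyInfo>'

OLD = make_key(2**521 - 1, 2**607 - 1)
NEW = make_key(2**1279 - 1, 2**2203 - 1)
DATA = b"<SignedInfo>constructed sample</SignedInfo>"
SIG = pow(digest_int(DATA), NEW[2], NEW[0])  # signed with NEW's private exponent
KEYINFO = keyinfo(OLD, NEW)                  # two KeyValue elements, different keys

if __name__ == "__main__":
    print("validated by KeyValue #", validate_with_any(KEYINFO, DATA, SIG))
```

Returning the position of the key that validated, rather than a bare true/false, lets the caller decide separately whether that particular key is one it trusts.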
