- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Wed, 21 Feb 2001 09:39:54 -0500
- To: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
I don't see why there can't be a signature algorithm that has two different and mutually non-convertible public keys. Or there could be some improvement in the format of a key such that it is desirable to use the new key format in KeyValue but, during a transition period, provide the old format in another KeyValue for interoperability. Or some other bizarre reason for two KeyValue elements. I certainly admit that these are pretty far-fetched and unlikely but they don't seem impossible.

While KeyValue is supposed to be a validation key, "certificates" of various sorts can just be parts of chains from widely known keys to a validation key. One possibility is to just be handed a bag of certificates with no information about which one has a validation key in it. So it seems to me that most XMLDSIG implementations are going to have to have a mechanism for trying N keys to see if any works anyway.

Donald

From: "Gregor Karlinger" <gregor.karlinger@iaik.at>
To: "TAMURA Kent" <kent@trl.ibm.co.jp>, "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Date: Wed, 21 Feb 2001 08:45:57 +0100
Message-ID: <NDBBIMACDKCOPBLEJCCDGEBHDCAA.gregor.karlinger@iaik.at>
In-Reply-To: <200102210453.NAA24312@ns.trl.ibm.com>

>Kent, Joseph,
>
>> A KeyInfo element represents information about *a* key, doesn't it?
>>
>> 4.4 The KeyInfo Element, 2nd paragraph:
>>
>> Multiple declarations within KeyInfo refer to the same key.
>
>In 4.4, 1st paragraph it says:
>
> "KeyInfo may contain keys, names, certificates and other
> public key management information"
>
>According to this sentence, several KeyValue clauses in KeyInfo,
>referring to different keys would be possible. What is really intended?
>
>Regards, Gregor
>---------------------------------------------------------------
>DI Gregor Karlinger
>mailto:gregor.karlinger@iaik.at
>http://www.iaik.at
>Phone +43 316 873 5541
>Institute for Applied Information Processing and Communications
>Austria
>---------------------------------------------------------------
Received on Wednesday, 21 February 2001 09:39:56 UTC