
Re: Fw: Re:Call for Review: XML Digital Signature is a W3C Proposed Recommendation

From: TAMURA Kent <kent@trl.ibm.co.jp>
Date: Tue, 2 Oct 2001 16:59:21 +0900
Message-Id: <200110020759.QAA15942@ns.trl.ibm.com>
To: harada@prs.cs.fujitsu.co.jp, w3c-ietf-xmldsig@w3.org, toriumi@sysrap.cs.fujitsu.co.jp

In message "Fw: Re:Call for Review: XML Digital Signature is a W3C Proposed Recommendation"
    on 01/09/18, "Harada" <harada@prs.cs.fujitsu.co.jp> writes:
>  In verifying, do you use X509CRLs which are created before verifying?

An X.509 CRL has information about "updated date" and "next update
date". So we can assume the CRL attached to a signature is the
latest until "next update date".

In my opinion, we would use neither X509CRL elements nor
KeyValue elements with signatures in practical systems.
X509CRLs with signatures might be old, and we should not trust
key information not in X.509 certificates.  A signature should
have an X.509 certificate or a key name, and the verifier should
retrieve the CRL from a local XKMS service.

-- 
TAMURA Kent @ Tokyo Research Laboratory, IBM
Received on Tuesday, 2 October 2001 03:59:58 GMT
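
The following is an added example, not part of the original message and not code from any XML Signature implementation. It sketches a verifier-side filter for `KeyInfo` along the lines discussed above, together with a CRL selection that uses the update dates. The function names, the `embedded`/`local` source labels and all sample values are constructed, and no signature, certificate path or CRL signature is validated here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

DS = "{http://www.w3.org/2000/09/xmldsig#}"
USABLE = {DS + "X509Certificate", DS + "KeyName"}   # resolve and validate these
IGNORED = {DS + "KeyValue", DS + "X509CRL"}         # never trusted as supplied

# Constructed sample: element contents are placeholders, not real key material.
SAMPLE_KEYINFO = """<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <KeyName>example-signer</KeyName>
  <KeyValue><RSAKeyValue><Modulus>AA==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue>
  <X509Data>
    <X509Certificate>PLACEHOLDER</X509Certificate>
    <X509CRL>PLACEHOLDER</X509CRL>
  </X509Data>
</KeyInfo>"""


def classify_keyinfo(xml_text):
    """Return (usable, ignored) local names of KeyInfo children, in document order."""
    usable, ignored = [], []
    for el in ET.fromstring(xml_text).iter():
        local = el.tag.split("}", 1)[-1]
        if el.tag in USABLE:
            usable.append(local)
        elif el.tag in IGNORED:
            ignored.append(local)
    return usable, ignored


def pick_crl(candidates, now):
    """candidates: (source, this_update, next_update) tuples.

    Keep only CRLs whose validity window contains `now`, then prefer the one
    with the newest thisUpdate: an issuer may publish a fresh CRL before the
    previous nextUpdate, so "still in its window" does not mean "latest".
    Returns the chosen source name, or None when no CRL is current.
    """
    current = [c for c in candidates if c[1] <= now < c[2]]
    return max(current, key=lambda c: c[1])[0] if current else None


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed dates: the embedded CRL is inside its window but already superseded.
EMBEDDED = ("embedded", utc(2001, 9, 1), utc(2001, 10, 15))
LOCAL = ("local", utc(2001, 9, 28), utc(2001, 10, 28))

if __name__ == "__main__":
    print(classify_keyinfo(SAMPLE_KEYINFO))
    print(pick_crl([EMBEDDED, LOCAL], utc(2001, 10, 2)))
```

A verifier that gets `None` from `pick_crl` has no current revocation data and should treat the certificate status as unknown rather than as good.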
