W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: Fw: Re:Call for Review: XML Digital Signature is a W3C Proposed Recommendation

From: Harada <harada@prs.cs.fujitsu.co.jp>
Date: Wed, 3 Oct 2001 11:48:49 +0900
Message-ID: <002101c14bb5$ee1371a0$b556230a@prs.cs.fujitsu.co.jp>
To: "TAMURA Kent" <kent@trl.ibm.co.jp>, <w3c-ietf-xmldsig@w3.org>, <toriumi@sysrap.cs.fujitsu.co.jp>
Hi TAMURA,

 I agree with you at the point of not using X509CRLs in verifying.
But I don't agree with you on the KeyValue element.
 I think whether a KeyValue is trusted or not
is decided by a system, but not by a processor.
 So our XML signature processor rises an error event like SAX,
if a SignedInfo-verifying X509Certificate is not or is not trusted.
When it's NG as Signature , we throw an fatal Exception.

----- Original Message -----
From: "TAMURA Kent" <kent@trl.ibm.co.jp>
To: <harada@prs.cs.fujitsu.co.jp>; <w3c-ietf-xmldsig@w3.org>;
<toriumi@sysrap.cs.fujitsu.co.jp>
Sent: Tuesday, October 02, 2001 4:59 PM
Subject: Re: Fw: Re:Call for Review: XML Digital Signature is a W3C Proposed
Recommendation


>
> In message "Fw: Re:Call for Review: XML Digital Signature is a W3C
Proposed Recommendation"
>     on 01/09/18, "Harada" <harada@prs.cs.fujitsu.co.jp> writes:
> >  In verifying, do you use X509CRLs which is created before verifying?
>
> X.509 CRL has information about "updated date" and "next update
> date". So we can assume the CRL attached to a signature is the
> latest until "next update date".
>
> In my opinion, we would use neither X509CRL elements nor
> KeyValue elements with signatures in practical systems.
> X509CRLs with signatures might be old, and we should not trust
> key information not in X.509 certificates.  A signature should
> have an X.509 certificate or a key name, and verifier retrieve
> CRL from a local XKMS service.
>
> --
> TAMURA Kent @ Tokyo Research Laboratory, IBM
>
>
>
Received on Tuesday, 2 October 2001 22:47:43 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT