Hi, I have a query about the case where multiple X509Certificate elements are sent with a signature. I couldn't find any information in the spec concerning the order that they should be sent in, and I couldn't find any mention of this in the mailing list archive. I imagine this is intentional left out of the spec as it does not require any KeyInfo and leaves all this up to the application level. I would expect that when multiple certificates are sent, they should be sent as a chain (same as how an ssl server must send certifictes - rfc 2246), with the sender's cert coming first and each following cert directly certifying the one before it. Does the spec actually mention anything about this, or does anyone else have any thoughts? Thanks, JoelReceived on Thursday, 7 March 2002 19:54:50 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT