> 1. When X509 certificate element is present, is there any need
> for X509IssuerSerial, X509SubjectName, X509SKI, elements. Is
> it possible for all of these to be present. If so, what is
> the significance of the latter three, as the first one contains
> all of them.

Many implementations actually provide more than one of the different forms in the same signature. Yes, the certificate includes all the other data, but it requires a fairly heavy-duty ASN1/DER parser. Breaking out the alternate "lookup keys" is just "friendly," as it were.

> 2. Also, how is a certificate validated. Is it by

That's a local trust issue, and depends on your implementation and business requirements. A common 80/20 technique is to verify that the certificate *or its issuer* came from a locally-configured trusted list.

/r$

Received on Monday, 3 February 2003 14:49:39 GMT
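The lookup described in the reply, as an added example that is not part of the original message: it resolves a `ds:X509Data` element against a locally configured trust list using whichever "lookup keys" are present, without an ASN.1/DER parser. The trust-list layout, the function names and the placeholder certificate bytes are assumptions made for illustration; it covers only the direct-match case, not the issuer check, and the signature must still verify under the key of the matched entry.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed placeholder bytes standing in for a DER certificate.
PLACEHOLDER_DER = b"constructed-placeholder-certificate-bytes"

# Constructed local trust list: lookup keys recorded when the cert was pinned.
TRUSTED = [{
    "subject": "CN=Example Signer,O=Example,C=US",
    "issuer_serial": ("CN=Example CA,O=Example,C=US", "4660"),
    "ski": base64.b64encode(b"\x01" * 20).decode(),
    "sha256": hashlib.sha256(PLACEHOLDER_DER).hexdigest(),
}]

def _text(parent, path):
    node = parent.find(path)
    return node.text.strip() if node is not None and node.text else None

def hints(x509data):
    """Collect whichever lookup forms the signer included in ds:X509Data."""
    issuer = _text(x509data, f"{DS}X509IssuerSerial/{DS}X509IssuerName")
    serial = _text(x509data, f"{DS}X509IssuerSerial/{DS}X509SerialNumber")
    cert = _text(x509data, f"{DS}X509Certificate")
    found = {
        "subject": _text(x509data, f"{DS}X509SubjectName"),
        # Issuer name alone is shared by many certificates; use the pair only.
        "issuer_serial": (issuer, serial) if issuer and serial else None,
        "ski": _text(x509data, f"{DS}X509SKI"),
        # Hash the raw bytes; no ASN.1 parsing is needed for a pin comparison.
        "sha256": hashlib.sha256(base64.b64decode(cert)).hexdigest() if cert else None,
    }
    return {k: v for k, v in found.items() if v is not None}

def find_trusted(x509data_xml):
    """Return the trust-list entry that matches every hint present, else None."""
    present = hints(ET.fromstring(x509data_xml))
    if not present:
        return None  # nothing to look up: fail closed
    for entry in TRUSTED:
        # Exact string match; real DN comparison needs normalisation.
        if all(entry[key] == value for key, value in present.items()):
            return entry
    return None
```

Requiring every supplied form to agree with one entry means a signer cannot pair a trusted `X509SKI` with an unrelated `X509Certificate`.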