
Re: X509 data element

From: fd <fd@despammed.com>
Date: Tue, 04 Feb 2003 16:52:23 -0800
To: Joseph Swaminathan <jswamina@cisco.com>, w3c-ietf-xmldsig@w3.org
Message-id: <3E406047.7000800@despammed.com>

> 
> Since the signature value on the signature node only covers the
> signed info element, the individual x.509 elements present in the
> key info are not signed at all. In that case, how can these values be
> trusted, unless they are cross-verified with the x.509 certificate?

Well, IMHO this is another case of what Joseph calls
the "Frankenstein Complex" [1].
X.509 elements could contain a "signed object" in some PKCS way (PKCS#1
if I remember well), but we don't want to know about ASN.1 stuff, it's
(probably) an XKMS task ... so we could only infer something on the
validity, not on the trust, of a signature.


[1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003JanMar/0020.html


-- 
- - - - - - - - - - - - - - - - - - - - - - - -
fabio dianda - f d @ d e s p a m m e d . c o m
- - - - - - - - - - - - - - - - - - - - - - - -
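The point raised in this exchange, that X509Data inside KeyInfo is outside the signed SignedInfo unless a Reference explicitly names it, can be checked mechanically; the script below is an added example, not code from the thread, and uses constructed sample documents. It assumes the simplification that a KeyInfo counts as covered only when one of the signature's Reference URIs is "#Id" of the KeyInfo element or of one of its descendants; whole-document (URI="") references and XPath transforms are not modelled, and even a covered KeyInfo only binds the X.509 data to the signing key, it does not establish trust in the certificate itself.

```python
import xml.etree.ElementTree as ET

# Clark-notation prefix for the XML-DSig namespace used by ElementTree.
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def keyinfo_coverage(xml_text: str) -> dict:
    """Map each ds:Signature (by Id, or by position when it has none) to
    whether its own ds:KeyInfo subtree is named by one of its References.
    A False result means the X.509 elements are not protected by the
    signature value and must not be trusted on their own."""
    root = ET.fromstring(xml_text)
    result = {}
    for n, sig in enumerate(root.iter(DS + "Signature")):
        # Ids named by same-document References ("#id" -> "id").
        refs = {r.get("URI", "")[1:] for r in sig.iter(DS + "Reference")
                if r.get("URI", "").startswith("#")}
        keyinfo = sig.find(DS + "KeyInfo")
        covered = False
        if keyinfo is not None:
            # iter() includes the KeyInfo element itself plus X509Data etc.
            ids = {e.get("Id") for e in keyinfo.iter() if e.get("Id")}
            covered = bool(ids & refs)
        result[sig.get("Id", f"sig{n}")] = covered
    return result


# Constructed sample documents (placeholder digests/certificate values).
TEMPLATE = """<doc>
 <Body Id="body"><Order>constructed payload</Order></Body>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="{sig}">
  <SignedInfo>
   <Reference URI="#body"><DigestValue>DIGEST-PLACEHOLDER</DigestValue></Reference>
   {extra}
  </SignedInfo>
  <SignatureValue>SIG-PLACEHOLDER</SignatureValue>
  <KeyInfo Id="ki1"><X509Data>
   <X509SubjectName>CN=constructed</X509SubjectName>
   <X509Certificate>CERT-PLACEHOLDER</X509Certificate>
  </X509Data></KeyInfo>
 </Signature>
</doc>"""

KEYINFO_REF = '<Reference URI="#ki1"><DigestValue>DIGEST-PLACEHOLDER</DigestValue></Reference>'
COVERED = TEMPLATE.format(sig="covered", extra=KEYINFO_REF)   # KeyInfo referenced
UNCOVERED = TEMPLATE.format(sig="uncovered", extra="")        # only Body referenced

if __name__ == "__main__":
    print(keyinfo_coverage(COVERED), keyinfo_coverage(UNCOVERED))
```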
Received on Tuesday, 4 February 2003 11:59:24 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT