I think the current focus is more on interoperablity than on attack prevention. "I know we don't have a global interoperable PKI, so here's everything I can think of to send you so that you'll be able to validate the signature. We'll use SSL across organizational boundaries to guard against something editing KeyInfo elements." I know that we tend to see more signatures with both X509Certificate *and* X509IssuerSerial than without. But that's my opinion, and no more valid thans yours. /r$Received on Wednesday, 5 February 2003 14:45:50 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT