- From: Rich Salz <rsalz@datapower.com>
- Date: Wed, 05 Feb 2003 14:45:49 -0500
- To: Tom Gindin <tgindin@us.ibm.com>
- CC: Joseph Swaminathan <jswamina@cisco.com>, w3c-ietf-xmldsig@w3.org
I think the current focus is more on interoperablity than on attack prevention. "I know we don't have a global interoperable PKI, so here's everything I can think of to send you so that you'll be able to validate the signature. We'll use SSL across organizational boundaries to guard against something editing KeyInfo elements." I know that we tend to see more signatures with both X509Certificate *and* X509IssuerSerial than without. But that's my opinion, and no more valid thans yours. /r$
Received on Wednesday, 5 February 2003 14:45:50 UTC