W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2003

Re: X509 data element

From: Rich Salz <rsalz@datapower.com>
Date: Wed, 05 Feb 2003 14:45:49 -0500
Message-ID: <3E4169ED.5020801@datapower.com>
To: Tom Gindin <tgindin@us.ibm.com>
CC: Joseph Swaminathan <jswamina@cisco.com>, w3c-ietf-xmldsig@w3.org

I think the current focus is more on interoperablity than on attack 
prevention.  "I know we don't have a global interoperable PKI, so here's 
everything I can think of to send you so that you'll be able to validate 
the signature.  We'll use SSL across organizational boundaries to guard 
against something editing KeyInfo elements."  I know that we tend to see 
more signatures with both X509Certificate *and* X509IssuerSerial than 
without.

But that's my opinion, and no more valid thans yours.
	/r$
Received on Wednesday, 5 February 2003 14:45:50 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT