- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Mon, 26 Apr 1999 14:30:58 -0400
- To: <rdbrown@GlobeSet.com>, "'Bob Relyea'" <relyea@netscape.com>
- Cc: "'Bede McCall'" <bede@mitre.org>, <w3c-xml-sig-ws@w3.org>
> I was not refering to what appear on the wire but rather what is being fed > to the "crypto-engine". If I make use of a crypto-algorithm (i.e. DSA) > through some crypto API (i.e. JCE), I just pass a reference to or > the value > of the private-key. If I make use of a package such as PKCS#7, I usually > have to pass not only a refernce to the private key but also the > certificate > chain. That is inescapable. If a message format is going to support the transport of certificate chains, APIs which build messages in the format must allow a certificate chain to be supplied. I would expect any sane signed XML API to allow a certificate chain be passed. Phill
Received on Tuesday, 27 April 1999 14:29:48 UTC