W3C home > Mailing lists > Public > www-xkms-ws@w3.org > November 2001

Re: URL-level trust (was: Re: XKMS)

From: Rich Salz <rsalz@zolera.com>
Date: Thu, 29 Nov 2001 10:54:08 -0500
Message-ID: <3C065A20.58D73DE1@zolera.com>
To: Daniel Ash <Daniel.Ash@identrus.com>
CC: "'Mike Just '" <Mike.Just@entrust.com>, "'www-xkms-ws@w3c.org '" <www-xkms-ws@w3c.org>
> If the client initially trusts a root rather than a response signing
> key from an XKMS service, won't we need to add some authentication
> model for XKMS response signing keys that's analgous to that of OCSP?

We probably have to do something; XKMS certs "buried in the browser" is
clearly a bad way to move forward.  Yet requiring a PKIX bootstrap to
validate an XKMS server is equally bad.  Barring some flash of insight
over the next few months, I expect the best we can do is leave it to our
old friend "out of band"
	/r$
-- 
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
Received on Thursday, 29 November 2001 10:53:40 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 13:51:43 EDT