RE: UseKeyWith Application="urn:ietf:rfc:2459" (PKIX) from Hallam-Baker, Phillip on 2002-12-23 (www-xkms@w3.org from December 2002)

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Mon, 23 Dec 2002 06:29:35 -0800
To: "Hart, Loren L." <llhart@verisign.com>, "'www-xkms@w3.org'" <www-xkms@w3.org>
Message-ID: <CE541259607DE94CA2A23816FB49F4A3953DE6@vhqpostal6.verisign.com>

There is an overlap but no ambiguity.

From the point of view of the client it is much more convenient for
registration if usekeywith is the way to specify all the parameters of
the key. That means that you only need one GUI interface, you don't have
to special case DNs.

On the XKISS side I think that there is a distinction between the
UseKeyWith and X509Data slots. UseKeyWith is the data the information
cares about. I don't know that many applications care all that much
about DNs. If OSI had won then this would all be different, however OSI
lost big...

The only instance in I can think of in which I would be looking up a
certificate by DN would be in some form of path discovery algorithm.


On a related note should there be a UseKeyWith for logotypes?

		Phill

> -----Original Message-----
> From: Hart, Loren L. [mailto:llhart@verisign.com]
> Sent: Thursday, December 19, 2002 4:59 PM
> To: 'www-xkms@w3.org'
> Subject: UseKeyWith Application="urn:ietf:rfc:2459" (PKIX)
> 
> 
> I was wondering what the difference is in specifying a Distinguished
> Name (DN) in a KeyBinding using a
> xkms:UseKeyWith element versus using
> ds:KeyInfo/ds:X509Data/ds:X509SubjectName element?
> 
> -- Loren
>

Received on Monday, 23 December 2002 09:29:44 UTC