ISSUE # 49

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Wed, 16 Oct 2002 10:28:28 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40ECA63AD@vhqpostal.verisign.com>
To: "Www-Xkms (E-mail)" <www-xkms@w3.org>

This is the issue of specifying how the policy identifier is calculated...


Example: Registration of Client-Generated Key Pair


Alice requests registration of an RSA key pair for her email address
Alice@cryptographer.test. Alice has previously received from the XKMS
service the code "024837" with which to authenticate her request. Alice
selects the pass phrase "Help I have revealed my key" to authenticate
herself should it be necessary to revoke the registration at a later date.

The X-KRSS request message contains the following <RegisterRequest> element:

Because the registration request is for a client-generated key, the
Authentication element contains both a <ProofOfPossession> element, which
demonstrates that the request is authorized by the holder of the private key,
and a <KeyBindingAuthentication> element, which demonstrates that the request
was made by a person who knows the authentication code "024837".

The <PolicyIdentifier> value is used in the <PrototypeKeyBinding> of the
request to specify that Alice requests her key be issued under a specific
key binding issuance policy. The <PolicyIdentifier> of the resulting
<KeyBinding> specifies the actual key binding issuance policy.

Received on Wednesday, 16 October 2002 13:26:40 UTC