W3C home > Mailing lists > Public > www-xkms@w3.org > June 2004

Re: UseKeyWith

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 23 Jun 2004 11:19:16 +0100
Message-ID: <40D95924.3000203@cs.tcd.ie>
To: Berin Lautenbach <berin@wingsofhermes.org>
Cc: www-xkms@w3.org


Hi Berin,

We briefly discussed this on yesterday's call and the answer is
"yep - those are deliberately not addressed" as you thought.

> I think the following two issues are purposely not addressed by the 
> standard (in that applications can make the decisions), but I thought it 
> worth asking the questions to make sure I haven't missed something obvious.

Good idea to do so! Do let us know if this causes any implementation
problems in your code.

> 1.  If I have a QueryKeyBinding with both a KeyInfo and a set of 
> UseKeyWith elements, and the two constructs refer to different keys (or 
> sets of keys), I assume the resultant response is implementation 
> dependant?  (I.e. union vs. intersection of keys found under the two 
> sets of conditions.)

Yes. I can imagine the union vs. intersection result being influenced
by who's asking, from where, about whom, with which UseKeyWith, etc.
I could also imagine a responder treating all such cases as an error
for validate and doing a union for locate!

> 2  If I have a QueryKeyBinding with a UseKeyWith item, and there are 
> actually multiple applications defined for the key that is found, should 
> the LocateResult have all the potential applications defined in the 
> response UseKeyWith items, or just the intersection between those 
> originally requested and the full list?  (Again, I assume application 
> dependant?)

Again, YMMV. Some keys can be shared across applications (e.g. S/MIME
and TLS client auth), others might be mandated not to be so shared
e.g. a VPN or SET cert (ok ignoring that SET is kind of dead-ish, but
it did specifically mandate that its certs not be used for other
apps.)

Hope that helps, (but you knew anyway:-)
Stephen.
Received on Wednesday, 23 June 2004 06:19:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:22 GMT