- From: Shivaram Mysore <shivarammysore@yahoo.com>
- Date: Wed, 1 Sep 2004 20:34:21 -0700 (PDT)
- To: tommy lindberg <lindberg_tommy@hotmail.com>, www-xkms@w3.org
- Message-ID: <20040902033421.35545.qmail@web51509.mail.yahoo.com>
Hi Tommy, Point well made. In the DSig Spec [1] there is no reference to PKIX OCSP Token. Hence, this is the text that I am planning to add in the corresponding description: "A new ds:X509DataType element of type base64Binary value is expected in the response value of <ds:X509Data>." Another mistake that I saw in the spec was 2 rows above, instead of QName "X509Cert" it must be "X509Certificate" [1] http://www.w3.org/TR/xmldsig-core/#sec-X509Data tommy lindberg <lindberg_tommy@hotmail.com> wrote: I understand the RequestAbstractType.RespondWith elements indicate what data items the requestor is interested in receiving in a result message and that a service is encouraged to honor these indications to the best of its ability. Section 3.2.3 Element has a table that is pretty much clear except for the row that contains the following: OCSP PKIX OCSP token that validates an X509v3 certificate that authenticates the key If the "PKIX OCSP token" is a quantity that the service is meant to Respond With then what form does it take? If the intent is to communicate a DER encoded OCSP ASN.1 type back to the requestor, should that not be specified in XKMS along with the markup that would carry it - presumably a new ds:X509DataType element of type base64Binary? Or should this row be in the forementioned table in the first place? Regards Tommy _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail --------------------------------- Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers!
Received on Thursday, 2 September 2004 03:34:52 UTC