W3C home > Mailing lists > Public > www-xkms@w3.org > September 2004

Re: RespondWith and OCSP

From: Shivaram Mysore <shivarammysore@yahoo.com>
Date: Wed, 1 Sep 2004 20:34:21 -0700 (PDT)
Message-ID: <20040902033421.35545.qmail@web51509.mail.yahoo.com>
To: tommy lindberg <lindberg_tommy@hotmail.com>, www-xkms@w3.org
Hi Tommy,
Point well made.  
In the DSig Spec [1] there is no reference to PKIX OCSP Token.  Hence, this is the text that I am planning to add in the corresponding description:
"A new ds:X509DataType element of type base64Binary value is expected in the response value of <ds:X509Data>."
Another mistake that I saw in the spec was 2 rows above, instead of QName "X509Cert" it must be "X509Certificate"
[1] http://www.w3.org/TR/xmldsig-core/#sec-X509Data

tommy lindberg <lindberg_tommy@hotmail.com> wrote:

I understand the RequestAbstractType.RespondWith elements indicate what data 
items the requestor is interested in receiving in a result message and that 
a service is encouraged to honor these indications to the best of its 

Section 3.2.3 Element has a table that is pretty much clear 
except for the row that contains the following:

OCSP PKIX OCSP token that validates an X509v3 certificate that 
authenticates the key

If the "PKIX OCSP token" is a quantity that the service is meant to Respond 
With then what form does it take?

If the intent is to communicate a DER encoded OCSP ASN.1 type back to the 
requestor, should that not be specified in XKMS along with the markup that 
would carry it - presumably a new ds:X509DataType element of type 

Or should this row be in the forementioned table in the first place?


The new MSN 8: smart spam protection and 2 months FREE* 

Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
Received on Thursday, 2 September 2004 03:34:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:43 UTC