Hi Tommy, Point well made. In the DSig Spec [1] there is no reference to PKIX OCSP Token. Hence, this is the text that I am planning to add in the corresponding description: "A new ds:X509DataType element of type base64Binary value is expected in the response value of <ds:X509Data>." Another mistake that I saw in the spec was 2 rows above, instead of QName "X509Cert" it must be "X509Certificate" [1] http://www.w3.org/TR/xmldsig-core/#sec-X509Data tommy lindberg <lindberg_tommy@hotmail.com> wrote: I understand the RequestAbstractType.RespondWith elements indicate what data items the requestor is interested in receiving in a result message and that a service is encouraged to honor these indications to the best of its ability. Section 3.2.3 Element has a table that is pretty much clear except for the row that contains the following: OCSP PKIX OCSP token that validates an X509v3 certificate that authenticates the key If the "PKIX OCSP token" is a quantity that the service is meant to Respond With then what form does it take? If the intent is to communicate a DER encoded OCSP ASN.1 type back to the requestor, should that not be specified in XKMS along with the markup that would carry it - presumably a new ds:X509DataType element of type base64Binary? Or should this row be in the forementioned table in the first place? Regards Tommy _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail --------------------------------- Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers!Received on Thursday, 2 September 2004 03:34:52 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 20 September 2007 14:31:01 GMT