W3C home > Mailing lists > Public > www-xkms@w3.org > September 2004

Re: RespondWith and OCSP

From: tommy lindberg <lindberg_tommy@hotmail.com>
Date: Fri, 03 Sep 2004 10:28:14 +0000
To: shivarammysore@yahoo.com, www-xkms@w3.org
Message-ID: <BAY12-F17nZp72fnGmP0005ea35@hotmail.com>


Hi Shivaram -

>--- I could not find the definition of X509Cert.  Can you please point me 
>to the schema snippet or para in the spec.

RespondWith is not an enumeration so it does not appear in the schema; it's 
defined in the table.  I simply didn't think this was a mistake as there is 
no requirement to use the same QName local part as its corresponding Dsig 
X509Data element name. You are of course right that it would be more 
consistent to use X509Certificate.

In any case, if I am not mistaken this value and its companions will soon 
take a form similar to

<RespondWith>http://www.w3.org/2002/03/xkms#X509Certificate</RespondWith>

Regards
Tommy

>From: Shivaram Mysore <shivarammysore@yahoo.com>
>To: tommy lindberg <lindberg_tommy@hotmail.com>
>CC: shivarammysore@yahoo.com
>Subject: Re: RespondWith and OCSP
>Date: Thu, 2 Sep 2004 09:44:47 -0700 (PDT)
>
>Regarding:
> >Another mistake that I saw in the spec was 2 rows above, instead of
>QName
> >"X509Cert" it must be "X509Certificate"
>
>X509Cert is defined in XKMS itself so I think thisis ok as it stands,
>however it will change as a result of the QName to anyURI(?) change.
>
>--- I could not find the definition of X509Cert.  Can you please point me 
>to the schema snippet or para in the spec.
>
>Thanks
>
>/Shivaram
>
>
>
>tommy lindberg <lindberg_tommy@hotmail.com> wrote:
>Hi Shivaram -
>
> >"A new ds:X509DataType element of type base64Binary value is expected in
> >the response value of ."
>
>And if I am not mistaken a new element is needed too, presumably in the 
>XKMS
>namespace?
>
>Something like:
>
>
>
>So that one can say things like
>
>xmlns:ds="..."
>xmlns:xkms="..."
>
>
>...
>
>
>or even
>
>
>...
>...
>
>
> >Another mistake that I saw in the spec was 2 rows above, instead of QName
> >"X509Cert" it must be "X509Certificate"
>
>X509Cert is defined in XKMS itself so I think thisis ok as it stands,
>however it will change as a result of the QName to anyURI(?) change.
>
>Regards
>Tommy
>
> >From: Shivaram Mysore
> >To: tommy lindberg
>, www-xkms@w3.org
> >Subject: Re: RespondWith and OCSP
> >Date: Wed, 1 Sep 2004 20:34:21 -0700 (PDT)
> >
> >Hi Tommy,
> >
> >Point well made.
> >In the DSig Spec [1] there is no reference to PKIX OCSP Token. Hence, 
>this
> >is the text that I am planning to add in the corresponding description:
> >
> >"A new ds:X509DataType element of type base64Binary value is expected in
> >the response value of ."
> >
> >Another mistake that I saw in the spec was 2 rows above, instead of QName
> >"X509Cert" it must be "X509Certificate"
> >
> >[1] http://www.w3.org/TR/xmldsig-core/#sec-X509Data
> >
> >
> >tommy lindberg
>wrote:
> >
> >
> >I understand the RequestAbstractType.RespondWith elements indicate what
> >data
> >items the requestor is interested in receiving in a result message and 
>that
> >a service is encouraged to honor these indications to the best of its
> >ability.
> >
> >Section 3.2.3 Element has a table that is pretty much clear
> >except for the row that contains the following:
> >
> >OCSP PKIX OCSP token that validates an X509v3 certificate that
> >authenticates the key
> >
> >If the "PKIX OCSP token" is a quantity that the service is meant to 
>Respond
> >With then what form does it take?
> >
> >If the intent is to communicate a DER encoded OCSP ASN.1 type back to the
> >requestor, should that not be specified in XKMS along with the markup 
>that
> >would carry it - presumably a new ds:X509DataType element of type
> >base64Binary?
> >
> >Or should this row be in the forementioned table in the first place?
> >
> >Regards
> >Tommy
> >
> >_________________________________________________________________
> >The new MSN 8: smart spam protection and 2 months FREE*
> >http://join.msn.com/?page=features/junkmail
> >
> >
> >
> >
> >---------------------------------
> >Do you Yahoo!?
> >Yahoo! Mail - 50x more storage than other providers!
>
>_________________________________________________________________
>FREE pop-up blocking with the new MSN Toolbar  get it now!
>http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
>
>
>
>---------------------------------
>Do you Yahoo!?
>Yahoo! Mail - 50x more storage than other providers!

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus
Received on Friday, 3 September 2004 10:28:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:39:22 GMT