- From: Hal Lockhart <hlockhar@bea.com>
- Date: Fri, 21 Mar 2008 05:13:03 -0700
- To: <public-appformats@w3.org>
- Cc: <member-xmlsec-maintwg-request@w3.org>
The current draft of Widgets 1.0: Digital Signature says:

3. The digital certificate format must be [X.509v3].

This actually is not well defined; however, I will assume what is meant is that the version field contains a value of 2 (indicating v3).

Experience with interoperability testing has shown that some popular PK libraries will only mark certificates as v3 if one or more extension fields are present. Otherwise the version field will be set to zero (indicating version 1). The intention is to provide interoperation with older implementations which only support v1.

If the intention is to require the use of extensions in certificates, then restricting certificates to v3 is reasonable. However, I see nothing in the document that suggests this. If not, you may want to consider allowing certificates to be labeled as either v1 or v3.

Hal Lockhart
Office of the CTO
BEA Systems
Received on Friday, 21 March 2008 12:13:51 UTC
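
The version check discussed in the message above, as an added example that is not part of the original message or of the Widgets draft: it reads the version field directly from a DER-encoded certificate and applies a policy that accepts both v1 and v3. The function names and the three byte strings are constructed for illustration; the byte strings are skeletons holding only the leading certificate fields, not real certificates.

```python
# TBSCertificate ::= SEQUENCE { [0] EXPLICIT version DEFAULT v1, serialNumber, ... }
# DER omits a field that equals its DEFAULT, so a v1 certificate normally has
# no [0] element at all; an explicit 0 is tolerated here as well.

def _first_element(buf, want_tag):
    """Return the content bytes of the first DER element in buf."""
    if len(buf) < 2:
        raise ValueError("truncated DER")
    if buf[0] != want_tag:
        raise ValueError("unexpected tag 0x%02x" % buf[0])
    pos, length = 2, buf[1]
    if length >= 0x80:                    # long-form length, 1..4 bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length]

def x509_version_field(der):
    """Return the raw version value: 0 = v1, 1 = v2, 2 = v3."""
    tbs = _first_element(_first_element(der, 0x30), 0x30)
    if not tbs:
        raise ValueError("empty tbsCertificate")
    if tbs[0] != 0xA0:                    # no [0] element: DEFAULT v1
        return 0
    value = _first_element(_first_element(tbs, 0xA0), 0x02)
    if not value:
        raise ValueError("empty version INTEGER")
    return int.from_bytes(value, "big")

def version_allowed(der, allowed=frozenset({0, 2})):
    """Policy suggested in the message: accept certificates labeled v1 or v3."""
    return x509_version_field(der) in allowed

# Constructed skeletons (version and serialNumber only), not real certificates.
V1_IMPLICIT = bytes.fromhex("30053003020101")            # version omitted
V2_EXPLICIT = bytes.fromhex("300a3008a003020101020101")  # version = 1
V3_EXPLICIT = bytes.fromhex("300a3008a003020102020101")  # version = 2

if __name__ == "__main__":
    for name in ("V1_IMPLICIT", "V2_EXPLICIT", "V3_EXPLICIT"):
        der = globals()[name]
        print(name, x509_version_field(der), version_allowed(der))
```

A verifier that enforces "must be v3" would pass `allowed=frozenset({2})`, which rejects the extension-free certificates the message describes.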