- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 25 Feb 2009 15:23:37 +0100
- To: "public-webapps@w3.org WG" <public-webapps@w3.org>
I propose that we add the following text in the beginning of 6.2:

> The validation procedure given in this section describes extensions
> to XML Signature Core Validation. In addition to the steps defined
> in these two specifications, user agents MUST perform Basic Path
> Validation [RFC 5280] on the signing key. The set of acceptable
> trust anchors, and policy decisions based on the signer's identity
> are established through a security-critical out-of-band mechanism.

(If somebody can think of something nicer to say, that's fine as well. Note that the Basic Path Validation requirement isn't really new -- it's implicit to our use of X.509, if done properly. Nevertheless, worth calling out properly.)

--
Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 25 February 2009 14:23:49 UTC