Re: Indicating certificate order in XML Dig Sig from Cantor, Scott E. on 2011-06-20 (public-webapps@w3.org from April to June 2011)

From: Cantor, Scott E. <cantor.2@osu.edu>
Date: Mon, 20 Jun 2011 14:21:34 +0000
To: Marcos Caceres <marcosscaceres@gmail.com>, public-webapps <public-webapps@w3.org>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
CC: Thomas Roessler <tlr@w3.org>, "Frederick.Hirsch@nokia.com" <frederick.hirsch@nokia.com>, Kai Hendry <kai.hendry@wacapps.net>, Paddy Byers <paddy.byers@gmail.com>
Message-ID: <CA24CF4B.DAC6%cantor.2@osu.edu>

On 6/20/11 8:37 AM, "Marcos Caceres" <marcosscaceres@gmail.com> wrote:
>Is there some means to explicitly indicate the order in which
>certificates in an xml dig sig file should be processed? The problem
>is that if you screw up the certificate order in the xml file, the
>validator (e.g,. xmlsec) does not know which cert is the end-entity.

BP is EE first, the rest after (and technically the order of the rest
isn't supposed to matter).

-- Scott

Received on Monday, 20 June 2011 14:23:02 UTC