Re: Indicating certificate order in XML Dig Sig

On Mon, Jun 20, 2011 at 3:21 PM, Cantor, Scott E. <> wrote:
> On 6/20/11 8:37 AM, "Marcos Caceres" <> wrote:
>>Is there some means to explicitly indicate the order in which
>>certificates in an xml dig sig file should be processed? The problem
>>is that if you screw up the certificate order in the xml file, the
>>validator (e.g,. xmlsec) does not know which cert is the end-entity.
> BP is EE first, the rest after (and technically the order of the rest
> isn't supposed to matter).

Can I get an assurance from the XML Sec working group that a
non-normative note will be added to the XML Dig Sig specification wrt
to this best practice? Please consider this comment implementer
feedback on the CR.

Marcos Caceres

Received on Monday, 27 June 2011 17:06:23 UTC