- From: Scott Cantor <cantor.2@osu.edu>
- Date: Mon, 10 Nov 2008 16:01:23 -0500
- To: <Sean.Mullan@Sun.COM>
- Cc: "'Magnus Nyström'" <magnus@rsa.com>, "'XMLSec WG Public List'" <public-xmlsec@w3.org>, "'Frederick Hirsch'" <frederick.hirsch@nokia.com>
> I think I'm ok with this but I don't think we should be any more > specific, such as stating the DER encoded certificate MUST be 100% > compliant with PKIX/RFC 5280. (I don't think this is what you are > suggesting, but I think it is worth mentioning just in case). No, I'm definitely not suggesting that, and I agree with that. I am in favor of as few dependencies on 5280 as possible, simply because so many things that depend on dsig and the use of certificates that are nominally "X.509" don't have any intention of actually following PKIX to any significant degree. -- Scott
Received on Monday, 10 November 2008 21:03:56 UTC