- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Thu, 14 Jan 2010 15:34:56 -0500
- To: Frederick Hirsch <frederick.hirsch@nokia.com>
- Cc: XMLSec WG Public List <public-xmlsec@w3.org>
I question the value of this. The AKID does not help identify the signer's certificate, it helps identify the CA certificate that issued/signed it. Can you describe a use case for how this would be used? --Sean Frederick Hirsch wrote: > [not as chair] > > Would it be possible to add a new element to XML Signature 1.1, namely > X509AKI - I view this as along the same lines as the added OCSP element. > > Proposal: > > Add dsig11:X509AKI to list in #1 in section 4.5.4 The X509Data Element > > The X509AKI element which contains the base64 encoded plain (i.e. > non-DER-encoded) value of a X509 V.3 Authority Key Identifier extension. > > with schema > <element name="X509AKI" type="base64Binary"/> > --- > > I've gotten feedback that this would be helpful and would like propose > we add it before Last Call. > > Thanks > > regards, Frederick > > Frederick Hirsch > Nokia > > > >
Received on Thursday, 14 January 2010 20:35:25 UTC