Re: proposed XML Signature 1.1 addition

I question the value of this. The AKID does not help identify the 
signer's certificate, it helps identify the CA certificate that 
issued/signed it. Can you describe a use case for how this would be used?

--Sean

Frederick Hirsch wrote:
> [not as chair]
> 
> Would it be possible to add a new element to XML Signature 1.1, namely 
> X509AKI - I view this as along the same lines as the added OCSP element.
> 
> Proposal:
> 
> Add  dsig11:X509AKI  to list in #1 in section 4.5.4 The X509Data Element
> 
> The X509AKI  element which contains the base64 encoded plain (i.e. 
> non-DER-encoded) value of a X509 V.3 Authority Key Identifier extension.
> 
> with schema
> <element name="X509AKI" type="base64Binary"/>
> ---
> 
> I've gotten feedback that this would be helpful and would like to propose 
> we add it before Last Call.
> 
> Thanks
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia

Received on Thursday, 14 January 2010 20:35:25 UTC
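
The point raised in the reply, that an Authority Key Identifier selects the issuing CA's key rather than the signer's certificate, can be seen in a short added example (not part of the original thread or of any XML Signature implementation). It assumes the proposal's "plain" value means the keyIdentifier octets of the extension; the helper names, candidate names and all byte values are constructed for illustration.

```python
import base64

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def aki_key_identifier(ext_value):
    """Extract keyIdentifier [0] from a DER AuthorityKeyIdentifier, or None."""
    tag, body, end = read_tlv(ext_value, 0)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("not a single DER SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x80:                     # [0] IMPLICIT OCTET STRING
            return value
    return None                             # keyIdentifier is optional

def x509aki_element(key_id):
    """Render the proposed element (assumed content: raw keyIdentifier)."""
    return "<dsig11:X509AKI>%s</dsig11:X509AKI>" % base64.b64encode(key_id).decode()

def match_by_ski(key_id, candidates):
    """Names of candidate certs whose Subject Key Identifier equals key_id."""
    return [name for name, ski in candidates.items() if ski == key_id]

# Constructed sample data: 20-byte identifiers, not taken from real certificates.
CA_SKI = bytes(range(1, 21))
SIGNER_SKI = bytes(range(101, 121))
SIGNER_AKI_EXT = bytes([0x30, 0x16, 0x80, 0x14]) + CA_SKI   # AKI in signer's cert
CANDIDATES = {"Example CA": CA_SKI, "Example Signer": SIGNER_SKI}

if __name__ == "__main__":
    kid = aki_key_identifier(SIGNER_AKI_EXT)
    print(x509aki_element(kid))
    print(match_by_ski(kid, CANDIDATES))    # selects the CA, not the signer
```

A verifier that receives only this value can narrow the set of candidate issuers during path building, but still needs another KeyInfo item to locate the signer's own certificate.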