- From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
- Date: Thu, 14 Jan 2010 17:43:21 -0500
- To: ext Sean Mullan <Sean.Mullan@Sun.COM>
- Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Sean I thought we discovered a use case, but I think it was a SKI use case, so I suspect we won't need this after all (unless I can nail down a clear case). I'd prefer no more last minute changes, so thanks for the reality check. regards, Frederick Frederick Hirsch Nokia On Jan 14, 2010, at 3:34 PM, ext Sean Mullan wrote: > I question the value of this. The AKID does not help identify the > signer's certificate, it helps identify the CA certificate that > issued/signed it. Can you describe a use case for how this would be > used? > > --Sean > > Frederick Hirsch wrote: >> [not as chair] >> >> Would it be possible to add a new element to XML Signature 1.1, >> namely >> X509AKI - I view this as along the same lines as the added OCSP >> element. >> >> Proposal: >> >> Add dsig11:X509AKI to list in #1 in section 4.5.4 The X509Data >> Element >> >> The X509AKI element which contains the base64 encoded plain (i.e. >> non-DER-encoded) value of a X509 V.3 Authority Key Identifier >> extension. >> >> with schema >> <element name="X509AKI" type="base64Binary"/> >> --- >> >> I've gotten feedback that this would be helpful and would like >> propose >> we add it before Last Call. >> >> Thanks >> >> regards, Frederick >> >> Frederick Hirsch >> Nokia >> >> >> >> >
Received on Thursday, 14 January 2010 22:43:56 UTC