Re: proposed XML Signature 1.1 addition

Sean

I thought we discovered a use case, but I think it was a SKI use case,  
so I suspect we won't need this after all (unless I can nail down a  
clear case).

I'd prefer no more last minute changes, so thanks for the reality check.

regards, Frederick

Frederick Hirsch
Nokia



On Jan 14, 2010, at 3:34 PM, ext Sean Mullan wrote:

> I question the value of this. The AKID does not help identify the
> signer's certificate, it helps identify the CA certificate that
> issued/signed it. Can you describe a use case for how this would be used?
>
> --Sean
>
> Frederick Hirsch wrote:
>> [not as chair]
>>
>> Would it be possible to add a new element to XML Signature 1.1, namely
>> X509AKI - I view this as along the same lines as the added OCSP element.
>>
>> Proposal:
>>
>> Add dsig11:X509AKI to list in #1 in section 4.5.4 The X509Data Element
>>
>> The X509AKI element which contains the base64 encoded plain (i.e.
>> non-DER-encoded) value of an X509 V.3 Authority Key Identifier extension.
>>
>> with schema
>> <element name="X509AKI" type="base64Binary"/>
>> ---
>>
>> I've gotten feedback that this would be helpful and would like to propose
>> we add it before Last Call.
>>
>> Thanks
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>>
>

Received on Thursday, 14 January 2010 22:43:56 UTC
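
An added illustration, not part of the original thread or of the XML Signature specification: Sean's point that an Authority Key Identifier selects the issuing CA's certificate (by matching its Subject Key Identifier) rather than the signer's own. It assumes "plain" in the proposal means the raw keyIdentifier octets; the function names and the sample bytes are constructed for this example.

```python
import base64

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def aki_key_identifier(aki_der):
    """Extract keyIdentifier [0] from a DER AuthorityKeyIdentifier, or None."""
    tag, body, end = read_tlv(aki_der)
    if tag != 0x30 or end != len(aki_der):
        raise ValueError("AuthorityKeyIdentifier must be a single SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x80:                    # [0] IMPLICIT KeyIdentifier
            return value
    return None                            # field is optional in the extension

def x509aki_text(aki_der):
    """Base64 text for the proposed element (assumption: raw keyIdentifier)."""
    kid = aki_key_identifier(aki_der)
    if kid is None:
        raise ValueError("AKI carries no keyIdentifier")
    return base64.b64encode(kid).decode("ascii")

def select_issuers(aki_der, candidates):
    """Names of candidate certificates whose SKI equals the AKI keyIdentifier."""
    kid = aki_key_identifier(aki_der)
    return [n for n, ski in candidates.items() if kid is not None and ski == kid]

# Constructed sample data: 20-byte key identifiers, not taken from real certificates.
CA_SKI = bytes(range(0x10, 0x24))
SIGNER_SKI = bytes(range(0xA0, 0xB4))
SIGNER_AKI_DER = bytes([0x30, 0x16, 0x80, 0x14]) + CA_SKI   # AKI from the signer's cert
CANDIDATES = {"issuing-ca": CA_SKI, "signer": SIGNER_SKI}
```

The signer's own certificate is never selected by its AKI; only a value derived from the signer's key, such as the SKI carried in X509SKI, identifies it.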