- From: Scott Cantor <cantor.2@osu.edu>
- Date: Tue, 14 Sep 2010 12:48:43 -0400
- To: "'Pratik Datta'" <pratik.datta@oracle.com>, <public-xmlsec@w3.org>
> If you see, some of them build on XML Sig mechanisms e.g. IssuerSerial, and > some of them are different e.g. the SKI and direct, and some of them are new > e.g. Thumbprint. We need to have a Thumbprint equivalent in XML Sig. I was going to propose that we deprecate X509IssuerSerial and leave it at that, mainly because if we do a thumbprint, I think it probably needs to be hash agile. Not so much for XML Signature's use, but the other places KeyInfo gets used it isn't always a hint, but may normatively refer to a key for the purposes of trust establishment. That seems like a bigger change than we'd want to introduce for Last Call, but if people want it, I can write it up. I will propose deprecation text for X509IssuerSerial separately, as a replacement for the "take care" text we have there now. -- Scott
Received on Tuesday, 14 September 2010 16:49:18 UTC