- From: Scott Cantor <cantor.2@osu.edu>
- Date: Tue, 14 Sep 2010 15:36:15 -0400
- To: "'Brian LaMacchia'" <bal@microsoft.com>, "'Pratik Datta'" <pratik.datta@oracle.com>, <public-xmlsec@w3.org>
> Depends on how you define it, of course, but assuming you want an > independent, reusable element you don't want to be constrained by having to > ship an X509Data encapsulator around if you don't need it. But I'll wait to > see the specific language you propose. So I guess people want this? Alright, I'll put together a proposal, but it's basically just: <X509Digest Algorithm="..."> </X509Digest> Probably with a SHA-1 default for compactness. But it's just a KeyInfo child, it has no specific reference to a container element. See also dsig11:OCSPResponse; we can't control where it appears, but in prose we present it as a child of X509Data. I was assuming the same goes here, and that we're talking about a certificate hash, rather than a hash over arbitrary keying material. Regardless of where it appears, all extension points in KeyInfo and X509Data are multiply occurring, so it doesn't make sense to build in repetition inside the child. -- Scott
Received on Tuesday, 14 September 2010 19:36:51 UTC