- From: Marcos Caceres <marcosscaceres@gmail.com>
- Date: Mon, 27 Jun 2011 18:05:34 +0100
- To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
- Cc: public-webapps <public-webapps@w3.org>, Thomas Roessler <tlr@w3.org>, "Frederick.Hirsch@nokia.com" <frederick.hirsch@nokia.com>, Kai Hendry <kai.hendry@wacapps.net>, Paddy Byers <paddy.byers@gmail.com>
On Mon, Jun 20, 2011 at 3:21 PM, Cantor, Scott E. <cantor.2@osu.edu> wrote: > On 6/20/11 8:37 AM, "Marcos Caceres" <marcosscaceres@gmail.com> wrote: >>Is there some means to explicitly indicate the order in which >>certificates in an xml dig sig file should be processed? The problem >>is that if you screw up the certificate order in the xml file, the >>validator (e.g,. xmlsec) does not know which cert is the end-entity. > > BP is EE first, the rest after (and technically the order of the rest > isn't supposed to matter). Can I get an assurance from the XML Sec working group that a non-normative note will be added to the XML Dig Sig specification wrt to this best practice? Please consider this comment implementer feedback on the CR. -- Marcos Caceres http://datadriven.com.au
Received on Monday, 27 June 2011 17:06:21 UTC