- From: Carl Ellison <cme@jf.intel.com>
- Date: Wed, 10 May 2000 12:37:07 -0700
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: Ken Goldman <kgold@watson.ibm.com>, w3c-ietf-xmldsig@w3.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 02:34 PM 5/10/00 -0400, Donald E. Eastlake 3rd wrote:
>Why, for the certificate application, would you use a certificate as
>KeyInfo? Why not just issuer and serial number? Or omit the KeyInfo
>entirely and encode signer information elsewhere in the XML
>certificate. This seems like a good example of the need for
>flexibility in the format and optional presence of KeyInfo.

(issuer,serial number) is from the X.509 world and is one of the ways X.509 is broken. "issuer" is a DN and might identify an issuer, if DN's were from a singly-rooted name space, as was the original plan in X.500. DN's are not singly-rooted and never will be -- so using a DN as an identifier is broken.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2

iQA/AwUBORm6Y8xqBGb+WvJAEQKr7wCfayvYkyHfeMYn2YttiCCRGJWNp/gAoPRq
Sq5MdNnKPiW4zU062t7S2E3Z
=AuSa
-----END PGP SIGNATURE-----

+--------------------------------------------------------+
|Carl Ellison        Intel        E: cme@jf.intel.com    |
|2111 NE 25th Ave M/S JF3-212     T: +1-503-264-2900     |
|Hillsboro OR 97124               F: +1-503-264-6225     |
|PGP Key ID: 0xFE5AF240           C: +1-503-819-6618     |
|  1FDB 2770 08D7 8540 E157  AAB4 CC6A 0466 FE5A F240    |
+--------------------------------------------------------+
Received on Wednesday, 10 May 2000 15:37:12 UTC
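Added example, not code from this thread or from the XML-DSig working group: a toy KeyInfo resolver that looks up a ds:X509IssuerSerial against a constructed certificate store in which two unrelated CAs chose the same DN, showing why (issuer, serial) can match more than one certificate and how keying on a hash of the public key itself disambiguates. The store entries, the "spki" byte strings standing in for each certificate's SubjectPublicKeyInfo, and the KeyInfo document are all constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed store: nothing stops two independent CAs from picking the
# same DN and the same serial number, because DNs are not singly rooted.
# "spki" stands in for the DER SubjectPublicKeyInfo bytes of each cert.
CERT_STORE = [
    {"issuer": "CN=Example CA,O=Example", "serial": 1234, "spki": b"key-of-ca-in-portland"},
    {"issuer": "CN=Example CA,O=Example", "serial": 1234, "spki": b"key-of-ca-in-hillsboro"},
    {"issuer": "CN=Other CA,O=Other", "serial": 1234, "spki": b"key-of-other-ca"},
]


def key_hash(spki: bytes) -> str:
    """Identifier derived from the key itself rather than from a name."""
    return hashlib.sha1(spki).hexdigest()


def candidates_from_keyinfo(keyinfo_xml: str) -> list:
    """Return every stored cert matching the ds:X509IssuerSerial in KeyInfo.
    A list, not a single cert: (issuer DN, serial) need not be unique."""
    root = ET.fromstring(keyinfo_xml)
    issuer = root.findtext(f".//{DS}X509IssuerName")
    serial = int(root.findtext(f".//{DS}X509SerialNumber"))
    return [c for c in CERT_STORE if c["issuer"] == issuer and c["serial"] == serial]


def resolve(keyinfo_xml: str, trusted_key_hash: str) -> dict:
    """Keep only the candidate whose key hash the verifier already trusts;
    refuse to guess when the name-based identifier is ambiguous."""
    cands = candidates_from_keyinfo(keyinfo_xml)
    matching = [c for c in cands if key_hash(c["spki"]) == trusted_key_hash]
    if len(matching) != 1:
        raise LookupError(f"{len(cands)} issuer/serial matches, {len(matching)} with trusted key")
    return matching[0]


# Constructed KeyInfo naming the colliding issuer DN and serial.
KEYINFO = """<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <X509Data><X509IssuerSerial>
    <X509IssuerName>CN=Example CA,O=Example</X509IssuerName>
    <X509SerialNumber>1234</X509SerialNumber>
  </X509IssuerSerial></X509Data>
</KeyInfo>"""
```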