Re: including X509 Certificate Chains in Signature from Ken Goldman on 2000-06-28 (w3c-ietf-xmldsig@w3.org from April to June 2000)

From: Ken Goldman <kgold@watson.ibm.com>
Date: Wed, 28 Jun 2000 14:34:21 -0400
To: w3c-ietf-xmldsig@w3.org
Message-Id: <200006281834.OAA38774@alpha.watson.ibm.com>

I too asked this question.

As I remember, the general answer was "it's up to the application" and
"it's outside DSIG".

I am concerned, as a typical application developer might not
understand anything about certificates, trust a generic DSIG
verifier, and accept a document with a fake certificate.

> Date: Fri, 23 Jun 2000 15:13:52 -0700
> From: Kevin Regan <kevinr@valicert.com>
> 
> I have an understand of how a certificate can be included in
> the signature (S 4.4.4).  However, I'm not sure how an entire
> certificate chain might be included.  Is there an example of
> this anywhere?

-- 
Ken Goldman   kgold@watson.ibm.com   914-784-7646

Received on Wednesday, 28 June 2000 14:34:32 UTC