- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 07 Jul 2000 22:13:32 -0400
- To: "David Blondeau" <blondeau@intalio.com>
- Cc: "John Boyer" <jboyer@PureEdge.com>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, <w3c-ietf-xmldsig@w3.org>
At 11:43 AM 6/13/00 -0700, David Blondeau wrote:
>I would like to point 2 things in the section 4.4.4 about the X509Data
>element:
>
>1)just a typo: in the example, the second X509Data element is supposed to be
>for Certificate B so it should be "Subject of Certificate B" not "Subject of
>Certificate A".

Fixed in forthcoming draft.

    <X509Data>
      <X509IssuerSerial>
        <X509IssuerName>My CA for Certificate A</X509IssuerName>
        <X509SerialNumber>12345678</X509SerialNumber>
      </X509IssuerSerial>
      <X509SKI>31d97bd7</X509SKI>
    </X509Data>
    <X509Data>
      <X509SubjectName>Subject of Certificate B</X509SubjectName>
    </X509Data>

>2) I think the following paragraph and the schema are in contradiction:
>"Multiple declarations about a single certificate (e.g., a X509SubjectName
>and X509IssuerSerial element) MUST be grouped inside a single X509Data
>element; multiple declarations about the same key but different certificates
>(related to that single key) MUST be grouped within a single KeyInfo element
>but multiple X509Data elements.[...]"
>
>So, a X509Data element MUST correspond to only one certificate but the
>schema says that there can be 0 or more X509Certificate elements in one
>X509Data element!
>The same thing apply to the X509CRL element, could it be more than one CRL
>by certificate?

Fixed according to Brian's followup.

_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Friday, 7 July 2000 22:15:59 UTC