RE: XML Signature Section 4.4 (KeyInfo)


I hope you are planning to come to the IETF where many of your questions
and a validation of your implementation assumptions with other
developers can get resolved. 

Yes, it's true:  "multiple declarations within KeyIfo can refer to the
same key." A certificate (and its parentage -- aka a chain) could be
attached by a signer as a hint to a verifier in making his making a
trust decision about the public signing key. That's the whole purpose of
KeyInfo. However, there is no reason that evidence in different forms
about the same key can be invalid. Having a public key certified by a CA
does not in any way imply that it's unique to that CA/certification

-----Original Message-----
From: Kevin Regan []
Sent: Wednesday, July 12, 2000 1:38 PM
Subject: XML Signature Section 4.4 (KeyInfo)

This section says:

	"Multiple declarations within KeyInfo refer to the same key."

Is this true?  I don't think it is if we assume that certificate
chains might be included (as per previous discussions).

--Kevin Regan

Received on Wednesday, 12 July 2000 18:27:01 UTC