- From: Kevin Regan <kevinr@valicert.com>
- Date: Wed, 12 Jul 2000 15:24:26 -0700
- To: Barb Fox <bfox@Exchange.Microsoft.com>, Kevin Regan <kevinr@valicert.com>, w3c-ietf-xmldsig@w3.org
- Message-id: <27FF4FAEA8CDD211B97E00902745CBE2015B882C@seine.valicert.com>
I guess my confusion comes from the phrase "refer to the same key."
This wording seems
(to me anyway) to suggest that each item in KeyInfo is a different
representation for a single
key. Certificates in a certificate chain each "refer" to (or contain) a
different key, but are used to validate
a specific key. Maybe the wording can be changed to be more clear...
--Kevin
-----Original Message-----
From: Barb Fox [mailto:bfox@Exchange.Microsoft.com]
Sent: Wednesday, July 12, 2000 3:17 PM
To: Kevin Regan; w3c-ietf-xmldsig@w3.org
Subject: RE: XML Signature Section 4.4 (KeyInfo)
Kevin:
I hope you are planning to come to the IETF where many of your questions
and a validation of your implementation assumptions with other
developers can get resolved.
Yes, it's true: "multiple declarations within KeyIfo can refer to the
same key." A certificate (and its parentage -- aka a chain) could be
attached by a signer as a hint to a verifier in making his making a
trust decision about the public signing key. That's the whole purpose of
KeyInfo. However, there is no reason that evidence in different forms
about the same key can be invalid. Having a public key certified by a CA
does not in any way imply that it's unique to that CA/certification
process.
--Barb
-----Original Message-----
From: Kevin Regan [ mailto:kevinr@valicert.com
<mailto:kevinr@valicert.com> ]
Sent: Wednesday, July 12, 2000 1:38 PM
To: w3c-ietf-xmldsig@w3.org
Subject: XML Signature Section 4.4 (KeyInfo)
This section says:
"Multiple declarations within KeyInfo refer to the same key."
Is this true? I don't think it is if we assume that certificate
chains might be included (as per previous discussions).
--Kevin Regan
Received on Wednesday, 12 July 2000 18:32:21 UTC