- From: Kevin Regan <kevinr@valicert.com>
- Date: Thu, 17 Aug 2000 13:28:01 -0700
- To: John Boyer <jboyer@PureEdge.com>, XML DSig <w3c-ietf-xmldsig@w3.org>
Received on Thursday, 17 August 2000 16:37:52 UTC
I want to share one final thought about X509Data. When creating a KeyName, KeyValue, PGPData, MgmtData, RetrievalMethod, etc., we are referring to the data for exactly one key. However, with X509Data, we can refer to a multitude of keys/certificates.

I propose that we bring X509Data (back) in line with all the other KeyInfo elements. This would make a lot more sense for implementations that come across an X509Data element. If we restrict each X509Data element to refer to only a single certificate, we offer consistency with all the other KeyInfo elements. Without this, X509Data becomes somewhat of an anomaly.

To this end, I propose the following:

    <!ELEMENT X509Data ( (X509IssuerSerial?, X509SKI?, X509SubjectName?) | X509Certificate | X509CRL )>

In other words, either one of X509IssuerSerial, X509SKI, or X509SubjectName (in order), or one X509Certificate, or one X509CRL. This seems much more consistent with the other KeyInfo elements and is much easier to deal with conceptually, from an API standpoint, and for implementations.

--Kevin
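The content model proposed in the message above, as a checker run over constructed X509Data elements. This is an added example, not part of the original post or of any XML DSig implementation; elements are matched by local name only, and the sample KeyInfo and its contents are made up.

```python
import xml.etree.ElementTree as ET

# First alternative of the proposed model: optional references, in this order.
REFERENCE_ORDER = ["X509IssuerSerial", "X509SKI", "X509SubjectName"]
# Second and third alternatives: exactly one of these, and nothing else.
SINGLETONS = {"X509Certificate", "X509CRL"}

# Constructed sample; element contents are placeholders, not real data.
SAMPLE = """<KeyInfo>
  <X509Data><X509Certificate>placeholder</X509Certificate></X509Data>
  <X509Data><X509IssuerSerial/><X509SubjectName>CN=Example</X509SubjectName></X509Data>
  <X509Data><X509Certificate>a</X509Certificate><X509Certificate>b</X509Certificate></X509Data>
  <X509Data><X509SKI/><X509IssuerSerial/></X509Data>
</KeyInfo>"""


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def check_x509data(elem):
    """Return (ok, reason) for one X509Data element under the proposed model."""
    names = [local_name(child.tag) for child in elem]
    if len(names) == 1 and names[0] in SINGLETONS:
        return True, "single " + names[0]
    for name in names:
        if name in SINGLETONS:
            return False, name + " must be the only child"
        if name not in REFERENCE_ORDER:
            return False, "unexpected child " + name
    # Only reference elements remain: each at most once, in declared order.
    # As written, the declaration also matches an X509Data with no children.
    positions = [REFERENCE_ORDER.index(name) for name in names]
    if any(b <= a for a, b in zip(positions, positions[1:])):
        return False, "reference elements repeated or out of order"
    return True, "key reference with %d element(s)" % len(names)


def check_keyinfo(xml_text):
    """Check every X509Data element found in a KeyInfo document."""
    root = ET.fromstring(xml_text)
    return [check_x509data(e) for e in root.iter() if local_name(e.tag) == "X509Data"]


if __name__ == "__main__":
    for ok, reason in check_keyinfo(SAMPLE):
        print("accept" if ok else "reject", "-", reason)
```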