
Re: DSAKeyValue text

From: Saroop Mathur <saroop@xpressent.com>
Date: Wed, 6 Jun 2001 17:54:08 -0400 (EDT)
Message-ID: <20010606215347.85823.qmail@web10401.mail.yahoo.com>
To: Donald E Eastlake 3rd <dee3@torque.pothole.com>, w3c-ietf-xmldsig@w3.org
This is somewhat off-topic and may already have been discussed previously.
If so, I apologize.

What is the value of sending RSA/DSA public keys outside of
certificates? Without certificates, the public keys cannot be trusted.
Unless I am missing something, I would suggest that the XMLDSIG should
discourage implementations from sending public keys without
certificates. Currently, section 4.4.2 specifies that support
for the DSAKeyValue element is REQUIRED. Doesn't this lead to
implementations that are insecure?

-Saroop

Received on Thursday, 7 June 2001 09:48:38 UTC
