- From: Saroop Mathur <saroop@xpressent.com>
- Date: Wed, 6 Jun 2001 17:54:08 -0400 (EDT)
- To: Donald E Eastlake 3rd <dee3@torque.pothole.com>, w3c-ietf-xmldsig@w3.org

This is somewhat off-topic and may already have been discussed previously. If so, I apologize.

What is the value of sending RSA/DSA public keys outside of certificates? Without certificates, the public keys cannot be trusted. Unless I am missing something, I would suggest that the XMLDSIG should discourage implementations from sending public keys without certificates.

Currently, section 4.4.2 specifies that support for the DSAKeyValue element is REQUIRED. Doesn't this lead to implementations that are insecure?

-Saroop

Received on Thursday, 7 June 2001 09:48:38 UTC