- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 13 Feb 2001 17:58:19 -0500
- To: "Donald E. Eastlake 3rd" <lde008@dma.isg.mot.com>
- Cc: Rich Salz <rsalz@caveosystems.com>, w3c-ietf-xmldsig@w3.org, lde008@dma.isg.mot.com

At 10:51 2/13/2001 -0500, Donald E. Eastlake 3rd wrote:
> >> All X509IssuerSerial, X509SKI, and X509SubjectName elements must refer
> >> to certificates with the validation key. However, because you can
> >> have multiple certificates for the same key in the same X509Data
> >> element, there may be multiple such elements referring to different
> >> certificates or, of course, the same element.
> >I assume you mean "certificate" for that last word.
>Yes.
> >Also, what about something like "No ordering is implied."
>Sounds reasonable.

I'm trying to integrate this paragraph:

>All X509IssuerSerial, X509SKI, and X509SubjectName elements must refer to
>certificates containing the validation key. However, since multiple
>certificates for the same key are permitted in the same X509Data element,
>there may be multiple such elements referring to different certificates or,
>of course, the same certificate. No ordering of these element types is
>implied.

with this paragraph:

>Multiple declarations about a single certificate (e.g., a X509SubjectName
>and X509IssuerSerial element) MUST be grouped inside a single X509Data
>element; multiple declarations about the same key but different X509
>certificates (related to that single key) MUST be grouped within a single
>KeyInfo element but MAY occur in multiple X509Data elements.

in a way that is comprehensible, but it's not working too well. Someone else want to suggest some text?

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Tuesday, 13 February 2001 17:58:35 UTC