RE: Poll: Limiting KeyValue to a single Instance?

I vote to keep the definition as it currently is.  I can certainly think of
situations in which I might want to transmit multiple KeyValues at once.
(For example, as part of an XKMS transaction.)  As KeyInfo is now referenced
and used by multiple protocols we cannot assume that it or any of its child
nodes will only occur in an XMLDSIG structure when modifying the


-----Original Message-----
From: Joseph M. Reagle Jr. [] 
Sent: Friday, February 16, 2001 10:25 AM
Subject: Poll: Limiting KeyValue to a single Instance?

In [1] Kent asked, "The current specification also permits multiple KeyValue

elements in a KeyInfo element.  What does this mean?" Given we've been 
trying to clarify other ambiguities, and with respect to the X509 SKI, 
SubjectName, and IssuerSerial, should we also limit KeyValue to occurring 
once and applying to the validation key, or should we keep the meaning that 
it's simply a "key that may be useful in validating the signature?"

Please respond by end of Tuesday Feb 20th.


Joseph Reagle Jr.       
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair
W3C XML Encryption Chair

Received on Sunday, 18 February 2001 03:25:09 UTC