Re: Fw: Re:Call for Review: XML Digital Signature is a W3C Proposed Recommendation

In message "Fw: Re:Call for Review: XML Digital Signature is a W3C Proposed Recommendation"
    on 01/09/18, "Harada" <harada@prs.cs.fujitsu.co.jp> writes:
>  In verifying, do you use X509CRLs which are created before verifying?

An X.509 CRL has information about "updated date" and "next update
date". So we can assume the CRL attached to a signature is the
latest until "next update date".

In my opinion, we would use neither X509CRL elements nor
KeyValue elements with signatures in practical systems.
X509CRLs with signatures might be old, and we should not trust
key information not in X.509 certificates.  A signature should
have an X.509 certificate or a key name, and the verifier retrieves
the CRL from a local XKMS service.

-- 
TAMURA Kent @ Tokyo Research Laboratory, IBM

Received on Tuesday, 2 October 2001 03:59:58 UTC
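
The "updated date" / "next update date" check discussed in the message above, as an added example that is not part of the original message or of any XML Signature implementation: it reads thisUpdate and nextUpdate from a DER-encoded CRL (the decoded content of an X509CRL element) and tests them against the verification time. The function names and the sample CRL are constructed for illustration; the sample is unsigned, CRL signature validation is out of scope here, and treating a missing nextUpdate as "not current" is a policy choice of this example.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, value):
    text = value.decode("ascii")
    if tag == 0x17:  # UTCTime: RFC 5280 maps YY >= 50 to 19YY, else 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_window(der):
    """Return (thisUpdate, nextUpdate or None) from a DER CertificateList."""
    _, cert_list, _ = read_tlv(der, 0)
    _, tbs, _ = read_tlv(cert_list, 0)      # tbsCertList is the first member
    fields, pos = [], 0
    while pos < len(tbs):
        tag, value, pos = read_tlv(tbs, pos)
        fields.append((tag, value))
    if fields[0][0] == 0x02:                # optional version INTEGER
        fields.pop(0)
    # Remaining order: signature algorithm, issuer, thisUpdate, [nextUpdate], ...
    if len(fields) < 3 or fields[2][0] not in (0x17, 0x18):
        raise ValueError("thisUpdate missing")
    times = [parse_time(t, v) for t, v in fields[2:4] if t in (0x17, 0x18)]
    return times[0], (times[1] if len(times) > 1 else None)

def attached_crl_is_current(der, when):
    """True only while thisUpdate <= when < nextUpdate."""
    this_update, next_update = crl_window(der)
    if next_update is None:
        return False  # example policy: no stated expiry, so do not rely on it
    return this_update <= when < next_update

# Constructed, unsigned sample CRL (empty issuer name, dummy signature bits).
def tlv(tag, body):  # short-form lengths only, enough for this sample
    return bytes([tag, len(body)]) + body

ALG = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))  # sha256WithRSA
TBS = tlv(0x30, tlv(0x02, b"\x01") + ALG + tlv(0x30, b"")
          + tlv(0x17, b"010918000000Z") + tlv(0x17, b"010925000000Z"))
SAMPLE_CRL = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00\x00"))
```

A verifier that fetches the CRL from its own trusted service can apply the same window check to the fetched copy instead of the one carried in the signature.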