- From: Joel Hockey <joel.hockey@qsipayments.com>
- Date: Fri, 8 Mar 2002 10:57:36 +1000
- To: w3c-ietf-xmldsig@w3.org
Hi,

I have a query about the case where multiple X509Certificate elements are sent with a signature. I couldn't find any information in the spec concerning the order that they should be sent in, and I couldn't find any mention of this in the mailing list archive. I imagine this is intentionally left out of the spec as it does not require any KeyInfo and leaves all this up to the application level.

I would expect that when multiple certificates are sent, they should be sent as a chain (same as how an SSL server must send certificates - RFC 2246), with the sender's cert coming first and each following cert directly certifying the one before it.

Does the spec actually mention anything about this, or does anyone else have any thoughts?

Thanks,
Joel
Received on Thursday, 7 March 2002 19:54:50 UTC
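
An added example, not part of the original message: a receiver that does not want to depend on the order of the X509Certificate elements can rebuild the leaf-first chain described above from issuer and subject names. The `Cert` record, the `order_chain` function and the sample names are assumptions made for illustration; real code would parse each DER certificate and verify every signature, since name chaining alone validates nothing.

```python
from collections import namedtuple

# Simplified stand-in for one parsed X509Certificate element (assumption):
# only the subject and issuer names are modelled here.
Cert = namedtuple("Cert", "subject issuer")

# Constructed sample, deliberately not in chain order.
SAMPLE = [
    Cert("CN=Example Root", "CN=Example Root"),
    Cert("CN=Signer", "CN=Example Intermediate"),
    Cert("CN=Example Intermediate", "CN=Example Root"),
]

def order_chain(certs):
    """Return certs leaf-first, each one followed by the cert of its issuer.

    Raises ValueError if the set does not form exactly one linear chain.
    """
    if not certs:
        raise ValueError("no certificates")
    by_subject = {}
    for c in certs:
        if c.subject in by_subject:
            raise ValueError("duplicate subject: " + c.subject)
        by_subject[c.subject] = c
    # The end-entity cert is the only one that issued none of the others.
    issuers = {c.issuer for c in certs if c.issuer != c.subject}
    leaves = [c for c in certs if c.subject not in issuers]
    if len(leaves) != 1:
        raise ValueError("expected one end-entity cert, found %d" % len(leaves))
    chain = [leaves[0]]
    seen = {leaves[0].subject}
    while True:
        cur = chain[-1]
        if cur.issuer == cur.subject:   # self-signed root ends the chain
            break
        nxt = by_subject.get(cur.issuer)
        if nxt is None:                 # issuer was not included by the sender
            break
        if nxt.subject in seen:
            raise ValueError("issuer loop at " + nxt.subject)
        chain.append(nxt)
        seen.add(nxt.subject)
    # Anything left over is unrelated to the signer's chain: reject the set.
    if len(chain) != len(certs):
        raise ValueError("certificates do not form a single chain")
    return chain
```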