- From: Rich Salz <rsalz@datapower.com>
- Date: Tue, 04 Feb 2003 10:08:10 -0500
- To: Joseph Swaminathan <jswamina@cisco.com>
- CC: w3c-ietf-xmldsig@w3.org
> Since the signature value on the signature node only covers the > signed info element, the individual x.509 elements present in the > key info is not signed at all. In that case, how can these values be > trusted, unless it is cross verified with x.509 certificate. Right, you don't trust them. You either use the info as lookup keys into your own set of keys/certs that you do trust, or you use the cert, etc., information in the signature, and validate it up to a trust anchor (CA) that you do trust. If you just naively accept whatever credentials are in the certificate, then all you can do is *verify the signature.* The process of determining if you trust the identity of the signer is often called *validating the credentials.* Both things must happen. XMLDSIG defines the semantics of verification; validation is a local policy and implementation issue. /r$
Received on Tuesday, 4 February 2003 10:08:11 UTC