- From: fd <fd@despammed.com>
- Date: Tue, 04 Feb 2003 16:52:23 -0800
- To: Joseph Swaminathan <jswamina@cisco.com>, w3c-ietf-xmldsig@w3.org
> Since the signature value on the signature node only covers the
> signed info element, the individual x.509 elements present in the
> key info are not signed at all. In that case, how can these values be
> trusted, unless it is cross verified with x.509 certificate.

Well, IMHO this is another case of what Joseph calls the "Frankenstein Complex" [1]. X.509 elements could contain a "signed object" in some PKCS way (PKCS#1 if I remember well), but we don't want to know about ASN.1 stuff, it's (probably) an XKMS task ... so we could only infer something on the validity, not on the trust, of a signature.

[1] - http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003JanMar/0020.html

--
fabio dianda - f d @ d e s p a m m e d . c o m
Received on Tuesday, 4 February 2003 11:59:24 UTC
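
Added illustration for readers of this archive (not part of the original message, and not code from the working group): a small Python check that reports whether a signature's `ds:SignedInfo` contains a `ds:Reference` to its `ds:KeyInfo`, which is the only way the X.509 elements discussed above end up covered by the signature value. The sample documents, the `Id` values `ki` and `payload`, and the function name `keyinfo_coverage` are constructed for this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Constructed, abbreviated sample (method elements omitted); digest, signature
# and certificate values are placeholders, so nothing here verifies cryptographically.
TEMPLATE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:Reference URI="#payload"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
    {extra_ref}
  </ds:SignedInfo>
  <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  <ds:KeyInfo Id="ki">
    <ds:X509Data>
      <ds:X509SubjectName>CN=Example Signer</ds:X509SubjectName>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data>
  </ds:KeyInfo>
  <ds:Object Id="payload">hello</ds:Object>
</ds:Signature>"""
KEYINFO_UNSIGNED = TEMPLATE.format(extra_ref="")
KEYINFO_REFERENCED = TEMPLATE.format(
    extra_ref='<ds:Reference URI="#ki"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>')


def keyinfo_coverage(xml_text):
    """Report whether ds:KeyInfo is the target of a ds:Reference in ds:SignedInfo."""
    # For untrusted input, parse with a hardened XML parser (e.g. defusedxml) instead.
    root = ET.fromstring(xml_text)
    sig = root if root.tag == f"{{{DS}}}Signature" else root.find(".//ds:Signature", NS)
    if sig is None:
        raise ValueError("no ds:Signature element found")
    uris = [ref.get("URI", "") for ref in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    key_info = sig.find("ds:KeyInfo", NS)
    x509_children, referenced = [], False
    if key_info is not None:
        x509_children = [child.tag.split("}")[1]
                         for child in key_info.findall("ds:X509Data/*", NS)]
        ki_id = key_info.get("Id")
        referenced = ki_id is not None and f"#{ki_id}" in uris
    return {"references": uris, "x509_elements": x509_children,
            "keyinfo_referenced": referenced}
```

A `True` result only means the `KeyInfo` content is bound to the signature value; whether the certificate itself is trusted still depends on certificate path validation against a trust anchor.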