
AuthServerInfo question

From: Frederick Hirsch <hirsch@zolera.com>
Date: Wed, 28 Nov 2001 15:09:08 -0500
To: "www-xkms-ws" <www-xkms-ws@w3.org>

I'm not sure I understand the need for AuthServerInfoType in addition to

I think the intent is that AuthServerInfoType is used for the client to
authenticate in a request in the case where the server generated the key
pair. Couldn't the client still include a ProofOfPossession in the request
to authenticate once the private key was delivered to the client? If so,
then the AuthUserInfoType could be used for all client authentication to the
server. Alternately, not all elements in AuthUserInfoType are required to be

This would require trusting the server not to distribute the private key
incorrectly - is a concern for non-repudiation the reason for the two type

Frederick Hirsch
Zolera Systems, http://www.zolera.com/
Information Integrity, XML Security
Received on Wednesday, 28 November 2001 15:07:29 UTC
