- From: Stephen Farrell <stephen.farrell@baltimore.ie>
- Date: Fri, 18 Jan 2002 16:04:29 +0000
- To: Yassir Elley - Sun Microsystems <Yassir.Elley@Sun.COM>
- CC: www-xkms@w3.org
Yassir, I can see two functions that locate can perform. The one you mention: > I could understand if the client asked the Locate service to return an > X509 certificate or chain of certificates, and then the client did the > validation himself. Is that the intended usage of the Locate service? one variant of which is called DPD in the IETF PKIX context and secondly I can also imagine a client using a locate on a name, getting a (set of) KeyInfo elements, picking one, and then doing a validate (say prior to encryption). I'm not sure if others are considering this latter case, but I think it might be useful. Stephen. -- ____________________________________________________________ Stephen Farrell Baltimore Technologies, tel: (direct line) +353 1 881 6716 39 Parkgate Street, fax: +353 1 881 7000 Dublin 8. mailto:stephen.farrell@baltimore.ie Ireland http://www.baltimore.com
Received on Friday, 18 January 2002 11:03:43 UTC