- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Wed, 16 Oct 2002 10:28:28 -0700
- To: "Www-Xkms (E-mail)" <www-xkms@w3.org>
- Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40ECA63AD@vhqpostal.verisign.com>
This is the issue of specifying how the policy identifier is calculated... Example: Registration of Client-Generated Key Pair Alice requests registration of an RSA key pair for her email address Alice@cryptographer.test. Alice has previously received from the XKMS service the code "024837" with which to authenticate her request. Alice selects the pass phrase "Help I have revealed my key" to authenticate herself should it be necessary to revoke the registration at a later date. The X-KRSS request message contains the following <RegisterRequest> element: Because the registration request is for a client generated key the Authentication element contains both a <ProofOfPossession> element which demonstrates that the request is authorized by the holder of the private key and a <KeyBindingAuthentication> element which demonstrates that the request was made by a person who knows the authentication code "024837". The <PolicyIdentifier> value is used in the <PrototypeKeyBinding> of the request to specify that Alice requests her key be issued under a specific key binding issuance policy. The <PolicyIdentifier> of the resulting <KeyBinding> specifies the actual key binding issuance policy.
Received on Wednesday, 16 October 2002 13:26:40 UTC