- From: Hallam-Baker, Phillip <pbaker@verisign.com>
- Date: Wed, 6 Aug 2003 12:22:22 -0700
- To: "'Yasir Khan'" <Yasir.Khan@Ascertia.Com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Cc: www-xkms@w3.org
This message is in reply to issue #309 [1] that you raised during the XKMS
WG Last Call request.
The changes you proposed to the specification have been acted on as follows
and the revised version of the specification may be seen at [2]
Fixed - Request now has respondWith value of X509Cert so response is now
consistent.
At this point the work group believes all concerns raised in issue #309 have
been addressed and that the entire issue is closed, unless we hear
otherwise. (see [3] for additional resolutions)
The XKMS WG would like to thank you for reviewing and commenting on the
draft XKMS specification.
Regards,
Phillip Hallam-Baker on behalf of the XKMS WG
VeriSign Inc.
[1] http://lists.w3.org/Archives/Public/www-xkms/2003Apr/0039.html
[2] http://www.w3.org/2001/XKMS/Drafts/XKMS20030804/xkms-part-1.html
http://www.w3.org/2001/XKMS/Drafts/XKMS20030804/xkms-part-2.html
[3] http://lists.w3.org/Archives/Public/www-xkms/2003Aug/0005.html
-----Original Message-----
From: Yasir Khan [mailto:Yasir.Khan@Ascertia.Com]
Sent: Wednesday, April 30, 2003 9:08 AM
To: Hallam-Baker, Phillip
Cc: www-xkms@w3.org
Subject: [XKMS Validate Example] Invalid Response for a Validate Request
Hi,
I want to point out another mistake in the latest document of XKMS (18 April
2003 )
Section 4.2.1 Example: Document Signature
The XKMS ValidateResponse is not correct according to the ValidateRequest
The ValidateRequest requires KeyName element to be present in
ValidateResult, the ValidateResult has the ResultMajor = Success but only
contains X509Certificate in KeyInfo, according to this example KeyName
should be present in KeyInfo for ResultMajor = Success . This shows that
ValidateResult is not composed successfully.
[156] Request:
<?xml version="1.0" encoding="utf-8"?>
<ValidateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="Ic4d10f0affff49382b021a820613fa71"
Service="http://test.xmltrustcenter.org/XKMS"
xmlns="http://www.w3.org/2002/03/xkms#">
<RespondWith>KeyName</RespondWith>
<QueryKeyBinding>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>.....</ds:X509Certificate>
<ds:X509Certificate>.....</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<KeyUsage>Signature</KeyUsage>
<UseKeyWith Application="urn:ietf:rfc:2633"
Identifier="alice@alicecorp.test"/>
</QueryKeyBinding>
</ValidateRequest>
[157]Response:
<?xml version="1.0" encoding="utf-8"?>
<ValidateResult xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="Ibc853a2455de4f7433eed5b32ece5918"
Service="http://test.xmltrustcenter.org/XKMS" ResultMajor="Success"
RequestId="#Ic4d10f0affff49382b021a820613fa71"
xmlns="http://www.w3.org/2002/03/xkms#">
<KeyBinding Id="Ie4d5784ea01e70085de088bd09b6e134">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>.....</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<KeyUsage>Signature</KeyUsage>
<KeyUsage>Encryption</KeyUsage>
<KeyUsage>Exchange</KeyUsage>
<UseKeyWith Application="urn:ietf:rfc:2633"
Identifier="alice@alicecorp.test" />
<Status StatusValue="Valid">
<ValidReason>Signature</ValidReason>
<ValidReason>IssuerTrust</ValidReason>
<ValidReason>RevocationStatus</ValidReason>
<ValidReason>ValidityInterval</ValidReason>
</Status>
</KeyBinding>
</ValidateResult>
Best Regards,
Yasir Khan
Received on Wednesday, 6 August 2003 15:22:29 UTC