Re: RespondWith and OCSP

Hi Shivaram -

>"A new ds:X509DataType element of type base64Binary value is expected in 
>the response value of <ds:X509Data>."

And if I am not mistaken a new element is needed too, presumably in the XKMS 
namespace?

Something like:

<element name="OCSPResponse" type="base64Binary"/>

So that one can say things like

xmlns:ds="..."
xmlns:xkms="..."

<ds:X509Data>
  <xkms:OCSPResponse>...</xkms:OCSPResponse>
</ds:X509Data>

or even

<ds:X509Data>
  <xkms:OCSPResponse>...</xkms:OCSPResponse>
  <xkms:OCSPResponse>...</xkms:OCSPResponse>
</ds:X509Data>

>Another mistake that I saw in the spec was 2 rows above, instead of QName 
>"X509Cert" it must be "X509Certificate"

X509Cert is defined in XKMS itself so I think this is ok as it stands, 
however it will change as a result of the QName to anyURI(?) change.

Regards
Tommy

>From: Shivaram Mysore <shivarammysore@yahoo.com>
>To: tommy lindberg <lindberg_tommy@hotmail.com>, www-xkms@w3.org
>Subject: Re: RespondWith and OCSP
>Date: Wed, 1 Sep 2004 20:34:21 -0700 (PDT)
>
>Hi Tommy,
>
>Point well made.
>In the DSig Spec [1] there is no reference to PKIX OCSP Token.  Hence, this 
>is the text that I am planning to add in the corresponding description:
>
>"A new ds:X509DataType element of type base64Binary value is expected in 
>the response value of <ds:X509Data>."
>
>Another mistake that I saw in the spec was 2 rows above, instead of QName 
>"X509Cert" it must be "X509Certificate"
>
>[1] http://www.w3.org/TR/xmldsig-core/#sec-X509Data
>
>
>tommy lindberg <lindberg_tommy@hotmail.com> wrote:
>
>
>I understand the RequestAbstractType.RespondWith elements indicate what data
>items the requestor is interested in receiving in a result message and that
>a service is encouraged to honor these indications to the best of its
>ability.
>
>Section 3.2.3 Element has a table that is pretty much clear
>except for the row that contains the following:
>
>OCSP PKIX OCSP token that validates an X509v3 certificate that
>authenticates the key
>
>If the "PKIX OCSP token" is a quantity that the service is meant to Respond
>With then what form does it take?
>
>If the intent is to communicate a DER encoded OCSP ASN.1 type back to the
>requestor, should that not be specified in XKMS along with the markup that
>would carry it - presumably a new ds:X509DataType element of type
>base64Binary?
>
>Or should this row be in the aforementioned table in the first place?
>
>Regards
>Tommy

Received on Thursday, 2 September 2004 16:17:53 UTC
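
The markup proposed in this thread, seen from the consuming side, as an added example that is not part of the original messages or of the XKMS specification. It assumes the proposed xkms:OCSPResponse element sits in the XKMS 2.0 namespace and carries a base64-encoded DER OCSPResponse; the function names and the sample input are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XKMS = "http://www.w3.org/2002/03/xkms#"  # OCSPResponse in this namespace is only the thread's proposal
# OCSPResponseStatus values from RFC 2560 (4 is unused)
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}

def ocsp_status(der: bytes) -> str:
    """Return responseStatus of a DER OCSPResponse, rejecting malformed framing."""
    if len(der) < 5 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    pos, length = 2, der[1]
    if length & 0x80:  # long-form length: low bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if length < 3 or pos + length != len(der):
        raise ValueError("SEQUENCE length does not match the decoded blob")
    if der[pos:pos + 2] != b"\x0a\x01" or der[pos + 2] not in STATUS:
        raise ValueError("missing or unknown responseStatus")
    return STATUS[der[pos + 2]]

def statuses_from_x509data(xml_text: str) -> list:
    """Decode every xkms:OCSPResponse child of a ds:X509Data element."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted in key-service responses")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{DS}}}X509Data":
        raise ValueError("expected ds:X509Data")
    out = []
    for el in root.findall(f"{{{XKMS}}}OCSPResponse"):
        try:
            der = base64.b64decode("".join((el.text or "").split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("OCSPResponse is not valid base64") from exc
        out.append(ocsp_status(der))
    return out

def sample_x509data() -> str:
    """Constructed input: two status-only responses (tryLater, unauthorized)."""
    blobs = [base64.b64encode(bytes([0x30, 0x03, 0x0A, 0x01, c])).decode() for c in (3, 6)]
    body = "".join(f"<xkms:OCSPResponse>{b}</xkms:OCSPResponse>" for b in blobs)
    return f'<ds:X509Data xmlns:ds="{DS}" xmlns:xkms="{XKMS}">{body}</ds:X509Data>'

if __name__ == "__main__":
    print(statuses_from_x509data(sample_x509data()))
```

This only checks framing and the outer status; a "successful" response still has to have its signature and certificate binding verified by an OCSP implementation before the key is trusted.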