- From: Frederic DELEON <frederic.deleon@crf.canon.fr>
- Date: Mon, 09 May 2005 12:03:04 +0200
- To: www-xkms@w3.org
Hello, I would have a question about shared sercrets used as authentication code in XKRSS requests and responses. In §6.1.1, it is said that in case of registration of client-generated key pair, Alice gets the "024837" code from server to authenticate her request (the code is used in <KeyBindingAuthentication>). That's ok for me. In §6.1.2, it is said that in case of registration of service-generated key pair, Bob gets the "3N9CJ-K4JKS-04JWF-0934J-SR09JW-IK4" code from server and that this code is used (in a key derived form) by server to encrypt private key value (and so by client to decrypt it). Is this code also used for client request authentication (<KeyBindingAuthentication>) before private key generation ? Or, do we have to use two different codes ? When looking at appendix C, - in C.1.2, for Bob registration authentication key, authentication data is "3N9CJ-JK4JK-S04JF-W0934-JSR09-JWIK4" - in C.1.3, for Bob registration private key encryption, authentication data is "3N9CJ-K4JKS-04JWF-0934J-SR09JW-IK4" It's nearly the same, but not the same (one character difference). Is it voluntary ? Thanks for your help, Sincerely, Frederic -- Frederic Deleon -- Canon
Received on Monday, 9 May 2005 10:03:36 UTC