On Mon, Jun 20, 2011 at 3:21 PM, Cantor, Scott E. <canto...@osu.edu> wrote: > On 6/20/11 8:37 AM, "Marcos Caceres" <marcosscace...@gmail.com> wrote: >>Is there some means to explicitly indicate the order in which >>certificates in an xml dig sig file should be processed? The problem >>is that if you screw up the certificate order in the xml file, the >>validator (e.g,. xmlsec) does not know which cert is the end-entity. > > BP is EE first, the rest after (and technically the order of the rest > isn't supposed to matter).
Can I get an assurance from the XML Sec working group that a non-normative note will be added to the XML Dig Sig specification wrt to this best practice? Please consider this comment implementer feedback on the CR. -- Marcos Caceres http://datadriven.com.au