ok thanks, good to be clear. I'll go ahead and make the change.
regards, Frederick
Frederick Hirsch
Nokia
On Feb 25, 2009, at 5:59 PM, ext Thomas Roessler wrote:
I was not suggesting that we should mandate X509Data (or anything like
it).
The point I was getting at was, that along with our
I was not suggesting that we should mandate X509Data (or anything like
it).
The point I was getting at was, that along with our using of X509
certificates, people really ought to use basic path validation as
specified in 5280 -- no matter where the certificate comes from. I
think your ch
Thanks for the proposal Thomas.
This proposal requiring Basic Path Validation seems to conflict with
X509Data being optional, the current language that I think we
discussed during the meeting:
Generation:
5c) The ds:KeyInfo element MAY be included and MAY include
certificate, CRL and/or O
I propose that we add te following text in the beginning of 6.2:
The validation procedure given in this section describes extensions
to XML Signature Core Validation. In addition to the steps defined
in these two specifications, user agents MUST perform Basic Path
Validation [RFC 5280] on