XKMS is a particular example - I can do a LocateRequest for "Berin Lautenbach" as a KeyName. The response could include a RSA key, known to be good, together with a cert for a separate key. Both will be returned in the same KeyInfo structure.
If XKMS says to do that, I think they need to read the spec again. ;-)
Or I do :>.
My apologies - you are quite correct (on both counts).
UnverifiedKeyBinding refers to a binding between a KeyInfo element and a user. So in my search for Berin, it would actually return multiple KeyInfo elements for multiple keys :
<!-- LocateResult -->
<element name="LocateResult" type="xkms:LocateResultType"/>
<complexType name="LocateResultType">
<complexContent>
<extension base="xkms:ResultType">
<sequence>
<element ref="xkms:UnverifiedKeyBinding" minOccurs="0"
maxOccurs="unbounded"/>
</sequence>
</extension>
</complexContent>
</complexType>
<!-- /LocateResult -->Cheers,
Berin
