> Maybe I'm misunderstanding the commentary made so far in this
> bug report.
>
> If KeyInfo is indeed advisory, then how does one establish the
> trustworthiness of an enveloped signature?

As Sean said, trust, whatever you believe that means, is outside the scope of XML Signature and of the ds:KeyInfo element. The element is used to transmit hints to the relying party to assist in efficiently verifying the signature.

After that, there's an entirely separate set of code that every application has to have that evaluates the "legitimacy" of the signing key, and you also have to verify that what's been signed is what you expected. Both steps can be very complex.

I think it would be useful if the xmlsec Javadocs made this somewhat more clear in the doc comment for any "verify" methods that exist. People need to be very clear that that method does not mean "trust this message". It's a drop in the bucket. I worry sometimes about the applications out there using this stuff.

-- Scott
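
The two application-side steps described above, as an added example that is not part of the original message or of xmlsec's own code. It uses the standard `javax.xml.crypto.dsig` API. `PinnedVerifier`, `PinnedKeySelector`, `expectedId` and the out-of-band trusted certificate set are assumptions made for illustration, and the caller is assumed to have registered the signed element's ID attribute on the DOM.

```java
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import org.w3c.dom.Element;

/** Added example: KeyInfo is only a hint; trust comes from a pinned certificate set. */
public final class PinnedVerifier {
    /** Returns a key only when a certificate hinted at in KeyInfo is one we already trust. */
    static final class PinnedKeySelector extends KeySelector {
        private final Set<X509Certificate> trusted; // provisioned out of band (assumption)
        PinnedKeySelector(Set<X509Certificate> trusted) { this.trusted = trusted; }
        @Override
        public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose,
                AlgorithmMethod method, XMLCryptoContext ctx) throws KeySelectorException {
            if (keyInfo != null) {
                for (Object info : keyInfo.getContent()) {
                    if (!(info instanceof X509Data)) continue;
                    for (Object o : ((X509Data) info).getContent()) {
                        if (o instanceof X509Certificate && trusted.contains(o)) {
                            final Key key = ((X509Certificate) o).getPublicKey();
                            return () -> key; // KeySelectorResult has one method, getKey()
                        }
                    }
                }
            }
            throw new KeySelectorException("KeyInfo names no trusted certificate");
        }
    }

    /** True only if the signature validates under a pinned key AND references expectedId. */
    static boolean verify(Element signatureElement, String expectedId,
            Set<X509Certificate> trusted) throws Exception {
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        DOMValidateContext ctx =
                new DOMValidateContext(new PinnedKeySelector(trusted), signatureElement);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature signature = factory.unmarshalXMLSignature(ctx);
        if (!signature.validate(ctx)) return false;   // cryptographic check only
        for (Object r : signature.getSignedInfo().getReferences()) {
            if (("#" + expectedId).equals(((Reference) r).getURI())) return true;
        }
        return false;                                 // validly signed, but not what we expected
    }
}
```

Pinning exact certificates is the simplest trust policy. A deployment that relies on a PKI would instead build and validate a certificate path (expiry, revocation) before returning the key, and should process only the element the matching Reference actually resolved to.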