Unless you're using XKMS, in which case all such "trust" decisions are off-loaded to a central server.I think this is bad from security point of view. If you are extracting key from certificate and using it alone, then you lose "validity" information. IMHO, if you want to use X509 PKI then you should use certificates directly instead of hacking them.
/r$
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
