I think this is bad from security point of view. If you are extracting key
from certificate and using it alone, then you lose "validity" information.
IMHO, if you want to use X509 PKI then you should use certificates
directly instead of hacking them.
Unless you're using XKMS, in which case all such "trust" decisions are off-loaded to a central server.
/r$


_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec


Reply via email to