OASIS Mailing List Archives

wss message



Subject: Proposal for resolving Issue 431: X.509 thumbprint extension



Greetings:

Re 431: Issue about thumbprint extensions. Is there a standard that defines an X.509 thumbprint extension? If not, how is the thumbprint typically calculated by other shipping products?

In researching, I found that there is no X.509 thumbprint extension, but that the thumbprint is computed as the SHA1 hash of the raw octets of the entire certificate. Such a thumbprint is obviously not included in the certificate.

Propose we resolve this issue by removing the wording from the X.509 token profile [1] as it pertains to X509ThumbprintSHA1.

Equivalent wording about the thumbprint is already in the core at line 991.

As a result, there is some confusion about which URI to use for thumbprint references: the one from core or the one from the X.509 token profile.

Removing the note from the X.509 token profile would alleviate this problem as well.

Specific actions to take on the X.509 token profile:

1. Remove #X509ThumbprintSHA1 http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-x509-token-profile-1.1#X509ThumbprintSHA1 from the table at line 162.

2. Remove section 3.2.4, Thumbprint References.

Thanks

Vijay

[1] http://www.oasis-open.org/apps/org/workgroup/wss/download.php/14862/wss-v1.1-spec-draft-x509TokenProfile-01.pdf
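
The computation the message describes, as an added example that is not part of the original post: SHA-1 over the raw DER octets of the whole certificate, with PEM armor unwrapped first, plus lookup of a stored certificate by thumbprint. The certificate bytes are constructed stand-ins, and the base64 form of the reference value and the names `to_der`, `thumbprint_sha1`, `resolve`, `as_pem` and `STORE` are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re

_PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def to_der(cert: bytes) -> bytes:
    """Return the raw DER octets, unwrapping PEM armor when present."""
    m = _PEM_RE.search(cert)
    if m is None:
        return cert  # no armor: treated as DER already
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def thumbprint_sha1(cert: bytes) -> bytes:
    """SHA-1 over the entire encoded certificate, signature included."""
    return hashlib.sha1(to_der(cert)).digest()


def resolve(reference_b64: str, store: dict):
    """Return the name of the one stored certificate matching the reference."""
    try:
        wanted = base64.b64decode(reference_b64, validate=True)
    except ValueError:
        return None  # not valid base64
    if len(wanted) != hashlib.sha1().digest_size:
        return None  # wrong length for a SHA-1 value
    hits = [name for name, cert in store.items()
            if hmac.compare_digest(thumbprint_sha1(cert), wanted)]
    return hits[0] if len(hits) == 1 else None


def as_pem(der: bytes) -> bytes:
    """Wrap DER octets in PEM armor (used to build the sample input)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


# Constructed stand-ins for certificate encodings; the hash never parses them.
CERT_A = bytes.fromhex("30820010") + b"constructed sample A"
CERT_B = bytes.fromhex("30820010") + b"constructed sample B"
STORE = {"a": as_pem(CERT_A), "b": CERT_B}  # mixed PEM and DER on purpose

if __name__ == "__main__":
    ref = base64.b64encode(thumbprint_sha1(CERT_A)).decode()
    print(ref, "->", resolve(ref, STORE))
    print("hex:", thumbprint_sha1(CERT_A).hex())
```

Hashing the PEM text instead of the decoded octets gives a different value, which is why the input is normalized to DER before hashing.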


