[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Comments on XAdES profile
At 22:08 09/03/2004 -0000, Nick Pope wrote: >Juan Carlos, > >I can't envisage a practical need for the client to select the key. The >identity of the requestor must already be authenticated. The only possible >situation is that the requestor has several signing keys, but I don't see >that as the a general requirement. > >Nick Mmmm, but in fact in the core we have included the KeySelector as optional precisely to cope with this kind of situations..., because there may be situations where the cliente may need to select one specific key. And if this is not the general situation it is still a range of situations that may appear. Juan Carlos. > >... > > >> >> >3.1.1.2 lines 172-176 >> >Generally, I would expect the server to select the key. MUST be >> supported >> >by server but only MAY be present in request. >> > >> Well, in fact the writing is not good. >> IF the server is able to gain access to the certificate in the view of >> the identitiy of the requester, then the KeySelector is not needed. >> BUT IF the server can not do that, then the client MUST add its >> certificate to the request. One question that one may have is: >> if the server has the private key, is there any reason why it must >> not have the certificate?... If the answer is NO, then perhaps >> there are not many reasons for this element to appear. >> >> > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]