[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services-comment] Specifying Issuer (vs. Subject)
Hi, I'm not a member in the WG so let me see if this comment
list is actually active. Here is a comment/question regarding
draft-sstc-core-25, version of
I noticed that there is a strong a-symmetry between the encoding of Issuer vs. Subject information. The Subject information is well specified in SubjectStatement element (with subelements for name and confirmation, e.g. key). But it seems to me that Issuer should be specified only by name, as a mandatory attribute of <Assertion> element. Am I right? Why is this? I can explain why there may be situations where we may want more or different ways to identify the issuer (in particular, to identify the method to confirm the issuer, e.g. public key, can be very important).
See http://amir.beesites.co.il/book.html for lectures and draft-chapters from book-in-progress, `secure communication and commerce using cryptography`; feedback welcome!
Powered by eList eXpress LLC