Subject: Re: [security-services] Minutes minutes SSTC/SAML concall Tue 21-Oct-2008
On Wed, Oct 29, 2008 at 11:18 AM, Scott Cantor <cantor.2@osu.edu> wrote:
>> Scott: What's the reason that you're told it's left open in XML-DSIG?
>
> Because other encodings are legal and presumably if they exist, people have
> a reason to use them.

I think this bears repeating (in case you missed it earlier in the thread):

In RFC 3280/5280, it says:

   The X.509 v3 certificate basic syntax is as follows. For signature
   calculation, the data that is to be signed is encoded using the ASN.1
   distinguished encoding rules (DER) [X.690].

So this is why you see the DER encoding as the de facto standard encoding used in PEM and elsewhere. I see no reason NOT to specify DER encoding for the purposes of holder-of-key. Your tooling has to support DER to verify the signature of an X.509 v3 certificate.

Tom
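An added illustration of the encoding question discussed in this message (not part of the original post or of any SSTC text): one ASN.1 value has several legal BER encodings but only one DER encoding, so a digest or byte comparison over the encoded bytes is stable only when DER is fixed. The sketch checks DER's length-octet rules only, on constructed sample bytes; the function names are hypothetical.

```python
import hashlib

def read_tlv(buf, pos, end):
    """Return (tag, content_start, content_end) for the TLV at pos, enforcing DER length rules."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are outside this sketch")
    pos += 2
    if first < 0x80:                       # short form: length 0..127
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        raw = buf[pos:pos + n]
        if pos + n > end or raw[0] == 0 or int.from_bytes(raw, "big") < 0x80:
            raise ValueError("non-minimal or truncated long-form length")
        length, pos = int.from_bytes(raw, "big"), pos + n
    if pos + length > end:
        raise ValueError("content runs past its container")
    return tag, pos, pos + length

def walk(buf, pos, end):
    """Check every TLV in buf[pos:end], descending into constructed types."""
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        if tag & 0x20:                     # constructed bit: content is nested TLVs
            walk(buf, start, stop)
        pos = stop

def has_der_lengths(buf):
    """True if buf is exactly one TLV whose length octets all follow DER."""
    try:
        _, _, stop = read_tlv(buf, 0, len(buf))
        if stop != len(buf):
            return False                   # trailing bytes after the value
        walk(buf, 0, len(buf))
        return True
    except ValueError:
        return False

def fingerprint(buf):
    return hashlib.sha256(buf).hexdigest()

# Constructed sample: SEQUENCE { INTEGER 5 } in three encodings of the same value.
DER = bytes.fromhex("3003020105")
BER_LONG = bytes.fromhex("308103020105")      # long-form length where short form fits
BER_INDEF = bytes.fromhex("30800201050000")   # indefinite length with end-of-contents

if __name__ == "__main__":
    for name, enc in [("DER", DER), ("BER long", BER_LONG), ("BER indefinite", BER_INDEF)]:
        print(f"{name:15} der_lengths={has_der_lengths(enc)} sha256={fingerprint(enc)[:16]}")
```

A full DER validator also has to enforce the content rules (minimal INTEGER encoding, SET OF ordering, BOOLEAN values and so on), which this length-only check leaves out.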