OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] Minutes minutes SSTC/SAML concall Tue 21-Oct-2008


On Wed, Oct 29, 2008 at 11:18 AM, Scott Cantor <cantor.2@osu.edu> wrote:
>> Scott: What's the reason that you're told it's left open in XML-DSIG?
>
> Because other encodings are legal and presumably if they exist, people have
> a reason to use them.

I think this bears repeating (in case you missed it earlier in the
thread): In RFC 3280/5280, it says:

   The X.509 v3 certificate basic syntax is as follows.  For signature
   calculation, the data that is to be signed is encoded using the ASN.1
   distinguished encoding rules (DER) [X.690].

So this is why you see the DER encoding as the de facto standard
encoding used in PEM and elsewhere.

I see no reason NOT to specify DER encoding for the purposes of
holder-of-key.  Your tooling has to support DER to verify the
signature of an X.509 v3 certificate.

Tom
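
The encoding point above, as an added example that is not part of the original message: the same certificate-shaped value encoded as DER and as a legal non-DER BER variant yields different octets, so a holder-of-key check that compares certificate bytes or a digest only works when one encoding is fixed. It assumes such a byte-level comparison; the helper names and the sample structure are constructed for illustration, and indefinite-length BER is not handled.

```python
import hashlib

def encode_tlv(tag, value, ber_pad=0):
    """Encode one TLV. ber_pad > 0 adds leading zero length octets: legal BER, not DER."""
    n = len(value)
    if n < 0x80 and ber_pad == 0:
        head = bytes([n])                                  # short form
    else:
        body = b"\x00" * ber_pad + n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
        head = bytes([0x80 | len(body)]) + body            # long form
    return bytes([tag]) + head + value

def read_tlv(buf, off=0, strict_der=True):
    """Return (tag, value, next_offset); with strict_der, reject non-DER lengths."""
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length (BER only) is not handled here")
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        if strict_der and (length < 0x80 or buf[pos] == 0):
            raise ValueError("non-minimal length: BER, not DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def tbs_certificate(cert, strict_der=True):
    """Return the exact octets of the first inner element (the signed tbsCertificate)."""
    tag, body, end = read_tlv(cert, 0, strict_der)
    if tag != 0x30 or end != len(cert):
        raise ValueError("not a single SEQUENCE")
    _, _, tbs_end = read_tlv(body, 0, strict_der)
    return body[:tbs_end]

def fingerprint(cert):
    """SHA-256 over the encoded octets, as a byte-level matcher would compute it."""
    return hashlib.sha256(cert).hexdigest()

# Constructed, certificate-shaped sample (dummy fields, not a real certificate).
TBS = encode_tlv(0x30, encode_tlv(0x02, b"\x01"))
ALG = encode_tlv(0x30, encode_tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + b"\x05\x00")
SIG = encode_tlv(0x03, b"\x00" + b"\xaa" * 8)
CERT_DER = encode_tlv(0x30, TBS + ALG + SIG)             # minimal lengths: DER
CERT_BER = encode_tlv(0x30, TBS + ALG + SIG, ber_pad=1)  # same value, padded length

if __name__ == "__main__":
    print(fingerprint(CERT_DER) == fingerprint(CERT_BER))
```

Both encodings carry the same signed inner octets, but only the DER form passes the strict reader and only identical encodings produce identical fingerprints.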

