OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Questions regarding X.509 Certificate Token Profile

> I understand what the text is trying to say. By I think it would be
> more accurate to state that the key element is a verification key
> not the actual key used to sign the document.

I can make that change

> On the second one, my question is when it is a single X509v3 
> certificate,
> what the binary format used is not clear. From the Microsoft 
> IE browser, you
> can export
> a certificate in two different binary fromat, DER encoded and PKCS#7
> formatted.
> It would be nice that the profile will specify exactly which one.

The certificate format is X.509 DER, there is no official standards status
to the PKCS#7 encoding, I cannot see how anyone familliar with X.509 would
make the mistake.

It is a while since I have looked at Exchange certificate formats, I believe
that PKCS#7 wrapping was an attempt to prevent an attack where someone
uploads a certificate to a directory without authorization, it is only
relevant when you own the private key.

The only format specified in X.509 is DER encoding.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]