[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Questions regarding X.509 Certificate Token Profile
> I understand what the text is trying to say. By I think it would be > more accurate to state that the key element is a verification key > not the actual key used to sign the document. I can make that change > On the second one, my question is when it is a single X509v3 > certificate, > what the binary format used is not clear. From the Microsoft > IE browser, you > can export > a certificate in two different binary fromat, DER encoded and PKCS#7 > formatted. > It would be nice that the profile will specify exactly which one. The certificate format is X.509 DER, there is no official standards status to the PKCS#7 encoding, I cannot see how anyone familliar with X.509 would make the mistake. It is a while since I have looked at Exchange certificate formats, I believe that PKCS#7 wrapping was an attempt to prevent an attack where someone uploads a certificate to a directory without authorization, it is only relevant when you own the private key. The only format specified in X.509 is DER encoding. Phill
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]