<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
<font face="Arial,sans-serif"><font size="2"><br>
<br>
<span type="cite">Aleksey Sanin wrote:</span> </font></font>
<p><font face="Arial,sans-serif" size="2"> </font></p>
<blockquote type="cite"
style="border-left: thin solid blue; padding-left: 10px; margin-left: 0pt;"><font
face="Arial,sans-serif" size="2"> AFAIK, theoretically speaking you are
right. "Public" and "private"<br>
key parts are independent. However, all used in xmlsec private key <br>
formats (PEM, DER, PKCS#8) include both "private" and "public" key<br>
parts. Thus, the assumption used in xmlsec library is that if you have<br>
private key then you always have public key too. It seems from your <br>
description that NSS uses the same assumption and I don't see any <br>
problems with it.</font></blockquote>
<font size="2"><font face="Arial,sans-serif">In the NSS port for
XMLSEC, I wanted to go with the same assumption,<br>
but the underlying NSS library provides no API that supports it (as of
now). <br>
Here are the options right now:<br>
1) remove the assumption from XMLSEC that private key always<br>
contains public key<br>
2) enhance NSS library to support the case of private key containing<br>
public key<br>
3) do the NSS port of XMLSEC differently that does not assume<br>
that private key contains public key... This is not going to be easy
since<br>
the xmlsec assumption is in the crypto-independent code....<br>
<br>
What do you think of option (1)? Seems like the best option to me.<br>
Meanwhile, I'll explore 2 ... continue the dialogue with the NSS team.<br>
<br>
thanks,<br>
<br>
-Tej<br>
<br>
</font></font>
<blockquote type="cite"
style="border-left: thin solid blue; padding-left: 10px; margin-left: 0pt;"><font
face="Arial,sans-serif" size="2"><br>
<br>
Aleksey<br>
<br>
<br>
</font></blockquote>
</body>
</html>