[xmlsec] Verifying a signature against a PEM certificate, SOLUTION!

Rich Salz rsalz@datapower.com
Tue, 26 Nov 2002 11:39:14 -0500


> I think this is bad from security point of view. If you are extracting key
> from certificate and using it alone, then you lose "validity" information.
> IMHO, if you want to use X509 PKI then you should use certificates
> directly instead of hacking them.

Unless you're using XKMS, in which case all such "trust" decisions are 
off-loaded to a central server.
	/r$