[xmlsec] RE: Need urgent help for verify

Aleksey Sanin aleksey at aleksey.com
Wed May 31 11:31:14 PDT 2006


> Does it not make sense to check X509Certificate first ? Or must we 
> consciously remove KeyName to avoid problems in the mscrypto world where 
> the chances of actually having the public verification certificate in 
> the verifiers mscrypto store is remote at best ?
>  
I think, that either signer or verifier should decide if KeyName
makes sense for him/her or not. In xmlsec, there is a way to disable
KeyName usage for verification, for example.

Aleksey




More information about the xmlsec mailing list