[xmlsec] X509 - does cert need to be included in XML?

Mark Young ccgenealogy at hotmail.com
Mon Nov 17 16:32:19 PST 2008


Well, I understand that X509 certificates have a "Subject" field, but I wasn't sure how you were suggesting I make use of that.  Are you saying that I should use the X509SubjectName element provided by the xmldsig specification, and that xmlsec will match the contents of X509SubjectName with the contents of the Subject field of one of the certificates in the Keys Manager?

> Date: Fri, 14 Nov 2008 16:26:51 -0800
> From: aleksey at aleksey.com
> To: ccgenealogy at hotmail.com
> CC: xmlsec at aleksey.com
> Subject: Re: [xmlsec] X509 - does cert need to be included in XML?
> 
> Sorry, a typo: "signed certificate" should be "signing certificate".
> 
> Re "certificate subject" - I would suggest you to find and read
> a good book about PKI and X509 certificates.
> 
> Aleksey
> 
> Mark Young wrote:
> > I'm not sure I understand.  What do you mean by "signed" cert and 
> > certificate subject?
> > 
> >  > Date: Mon, 3 Nov 2008 12:16:17 -0800
> >  > From: aleksey at aleksey.com
> >  > To: ccgenealogy at hotmail.com
> >  > CC: xmlsec at aleksey.com
> >  > Subject: Re: [xmlsec] X509 - does cert need to be included in XML?
> >  >
> >  > You can refer to "signed" cert using certificate subject, etc.
> >  > But some reference MUST present.
> >  >
> >  > Aleksey
> >  >
> >  > Mark Young wrote:
> >  > > I've been verifying signed XML documents using an X509 chain, and I've
> >  > > found that the verification is only successful if the actual signing
> >  > > certificate is provided in the XML. The other certificates in the 
> > chain
> >  > > can just be placed in the keys manager. Is there a way for the
> >  > > verification to succeed with all the certificates in the keys manager,
> >  > > without requiring any to be included in the signed XML document? Mike
> >  > >
> >  > > 
> > ------------------------------------------------------------------------
> >  > > When your life is on the go—take your life with you. Try Windows 
> > Mobile®
> >  > > today <http://clk.atdmt.com/MRT/go/115298558/direct/01/>
> >  > >
> >  > >
> >  > > 
> > ------------------------------------------------------------------------
> >  > >
> >  > > _______________________________________________
> >  > > xmlsec mailing list
> >  > > xmlsec at aleksey.com
> >  > > http://www.aleksey.com/mailman/listinfo/xmlsec
> > 
> > ------------------------------------------------------------------------
> > Color coding for safety: Windows Live Hotmail alerts you to suspicious 
> > email. Sign up today. 
> > <http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_safety_112008>
> > 
> > 
> > ------------------------------------------------------------------------
> > 
> > _______________________________________________
> > xmlsec mailing list
> > xmlsec at aleksey.com
> > http://www.aleksey.com/mailman/listinfo/xmlsec

_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20081117/7135ac1c/attachment.htm


More information about the xmlsec mailing list