[xmlsec] Verifying a signature against a PEM certificate, SOLUTION!
rsalz at datapower.com
Tue Nov 26 08:39:14 PST 2002
> I think this is bad from security point of view. If you are extracting key
> from certificate and using it alone, then you lose "validity" information.
> IMHO, if you want to use X509 PKI then you should use certificates
> directly instead of hacking them.
Unless you're using XKMS, in which case all such "trust" decisions are
off-loaded to a central server.
More information about the xmlsec