[xmlsec] Verifying a signature against a PEM certificate, SOLUTION!

[Rich Salz]

> I think this is bad from security point of view. If you are extracting key
> from certificate and using it alone, then you lose "validity" information.
> IMHO, if you want to use X509 PKI then you should use certificates
> directly instead of hacking them.

Unless you're using XKMS, in which case all such "trust" decisions are 
off-loaded to a central server.
	/r$