[xmlsec] Verifying a signature against a PEM certificate, SOLUTION!

Rich Salz rsalz at datapower.com
Tue Nov 26 08:39:14 PST 2002

> I think this is bad from security point of view. If you are extracting key
> from certificate and using it alone, then you lose "validity" information.
> IMHO, if you want to use X509 PKI then you should use certificates
> directly instead of hacking them.

Unless you're using XKMS, in which case all such "trust" decisions are 
off-loaded to a central server.

More information about the xmlsec mailing list