[xmlsec] Wrong key selection in simple keys store?

Rich Salz rsalz at datapower.com
Sat Sep 13 13:45:38 PDT 2003

> And in general, I would not recommend to search for keys without specifying
> a unique key name. It sounds like a good way to get yourself in trouble.

Strongly agree.  Unless the keystore has exactly one key, I think a name
(or some other identifying information) should be required.

Ambiguity in signing is a bad idea. :)

Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

More information about the xmlsec mailing list