[xmlsec] RE: Need urgent help for verify

[Aleksey Sanin]

> Does it not make sense to check X509Certificate first ? Or must we 
> consciously remove KeyName to avoid problems in the mscrypto world where 
> the chances of actually having the public verification certificate in 
> the verifiers mscrypto store is remote at best ?
>  
I think, that either signer or verifier should decide if KeyName
makes sense for him/her or not. In xmlsec, there is a way to disable
KeyName usage for verification, for example.

Aleksey