[xmlsec] RE: Need urgent help for verify
aleksey at aleksey.com
Wed May 31 11:31:14 PDT 2006
> Does it not make sense to check X509Certificate first ? Or must we
> consciously remove KeyName to avoid problems in the mscrypto world where
> the chances of actually having the public verification certificate in
> the verifiers mscrypto store is remote at best ?
I think, that either signer or verifier should decide if KeyName
makes sense for him/her or not. In xmlsec, there is a way to disable
KeyName usage for verification, for example.
More information about the xmlsec