[xmlsec] RE: Need urgent help for verify

Aleksey Sanin aleksey at aleksey.com
Wed May 31 13:20:15 PDT 2006




ed.shallow at rogers.com wrote:
> Yes you are right !!! I forgot about that.
> You mean the "--enabled-key-data" list in the command line utility ? 
> Where is this in the API ? in the Ctx ?
> ----- Original Message ----
> From: Aleksey Sanin <aleksey at aleksey.com>
> To: ed.shallow at rogers.com
> Cc: Jürgen Heiss <jheiss at Mesonic.com>; xmlsec at aleksey.com
> Sent: Wednesday, May 31, 2006 2:31:14 PM
> Subject: Re: [xmlsec] RE: Need urgent help for verify
>  > Does it not make sense to check X509Certificate first ? Or must we
>  > consciously remove KeyName to avoid problems in the mscrypto world where
>  > the chances of actually having the public verification certificate in
>  > the verifiers mscrypto store is remote at best ?
>  >  
> I think, that either signer or verifier should decide if KeyName
> makes sense for him/her or not. In xmlsec, there is a way to disable
> KeyName usage for verification, for example.
> Aleksey

More information about the xmlsec mailing list