[xmlsec] RE: Need urgent help for verify
aleksey at aleksey.com
Wed May 31 13:20:15 PDT 2006
ed.shallow at rogers.com wrote:
> Yes you are right !!! I forgot about that.
> You mean the "--enabled-key-data" list in the command line utility ?
> Where is this in the API ? in the Ctx ?
> ----- Original Message ----
> From: Aleksey Sanin <aleksey at aleksey.com>
> To: ed.shallow at rogers.com
> Cc: Jürgen Heiss <jheiss at Mesonic.com>; xmlsec at aleksey.com
> Sent: Wednesday, May 31, 2006 2:31:14 PM
> Subject: Re: [xmlsec] RE: Need urgent help for verify
> > Does it not make sense to check X509Certificate first ? Or must we
> > consciously remove KeyName to avoid problems in the mscrypto world where
> > the chances of actually having the public verification certificate in
> > the verifiers mscrypto store is remote at best ?
> I think, that either signer or verifier should decide if KeyName
> makes sense for him/her or not. In xmlsec, there is a way to disable
> KeyName usage for verification, for example.
More information about the xmlsec