[xmlsec] X509Certificate ordering

Kai Hendry hendry at iki.fi
Fri Jun 17 10:07:58 PDT 2011

On 17 June 2011 15:18, Aleksey Sanin <aleksey at aleksey.com> wrote:
> The order of certificates is irrelevant for xml signature standard and xmlsec
> does nothing about it.

It does matter. Let me quote my esteemed colleague Paddy:

The problem, if they are out of order, is knowing which is the
end-entity certificate. There is no information to tell you which one
it is - at least, there is no information that is *required* to be
there. I don't think it is reasonable to expect a validator to try
each certificate in turn, to sign the signed info hash, just to see
which one correctly generates the signature data.

There is a way that you could include the required information in the
XML Signature, because you can have an X509SKI or X509IssuerSerial
element that does explicitly identify which of the certs is the
end-entity cert. But inclusion of that information is optional.

I assume that `xmlsec1 verify` has some sort of brute force approach
when finding the key, though it could be more efficient, couldn't it?

We at WAC are pushing this as an additional digsig requirement, though
I hope you can first accept this as a valid use case.

Many thanks Aleksey,
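The problem Paddy describes, worked through as an added example (this is not xmlsec code and not part of the original thread). It assumes a validator has already parsed each certificate in the <X509Data> bundle into the handful of fields it needs (subject, issuer, serial, SubjectKeyIdentifier, AuthorityKeyIdentifier); the `Cert` record, the hypothetical names and the three sample certificates below are constructed for illustration. It shows the three ways of picking the end-entity certificate out of an unordered bundle, in the order a validator would prefer them: an X509IssuerSerial match, an X509SKI match, and, when neither hint is present, the "cert that issues no other cert" heuristic, which refuses to guess when it is ambiguous. It then rebuilds the chain leaf to root from the issuer links.

```python
"""Pick the end-entity certificate out of an unordered <X509Data> bundle.

Added example; hypothetical, not xmlsec's implementation. Cert fields are
what a validator would read from a parsed X.509 certificate; a real
implementation obtains them from an X.509 parser.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    ski: str                    # SubjectKeyIdentifier, hex (constructed)
    aki: Optional[str] = None   # AuthorityKeyIdentifier, hex; None on a root

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


def find_end_entity(certs: Sequence[Cert],
                    issuer_serial: Optional[Tuple[str, int]] = None,
                    ski: Optional[str] = None) -> Cert:
    """Return the signing certificate from an unordered bundle.

    Preference mirrors what ds:KeyInfo may carry:
      1. ds:X509IssuerSerial -> exact (issuer, serial) match
      2. ds:X509SKI          -> SubjectKeyIdentifier match
      3. neither present     -> the single cert that issues no other cert
    Zero or several candidates is an error, not a guess.
    """
    if issuer_serial is not None:
        issuer, serial = issuer_serial
        hits = [c for c in certs if c.issuer == issuer and c.serial == serial]
    elif ski is not None:
        hits = [c for c in certs if c.ski == ski]
    else:
        # Subjects that appear as the issuer of some other cert are CAs;
        # whatever is left over must be the leaf. Self-signed roots are
        # skipped so they do not "issue" themselves.
        issuers = {c.issuer for c in certs if not c.self_signed}
        hits = [c for c in certs if c.subject not in issuers]
    if len(hits) != 1:
        raise ValueError(
            f"cannot identify end-entity certificate: {len(hits)} candidates")
    return hits[0]


def order_chain(certs: Sequence[Cert], leaf: Cert) -> List[Cert]:
    """Return [leaf, ..., root] by following issuer -> subject links."""
    by_subject = {c.subject: c for c in certs}
    chain, cur = [leaf], leaf
    while not cur.self_signed:
        parent = by_subject.get(cur.issuer)
        if parent is None:
            break  # issuer not in the bundle; the trust store must supply it
        if parent in chain:
            raise ValueError("cycle in certificate bundle")
        if cur.aki is not None and parent.ski != cur.aki:
            raise ValueError(
                f"AKI/SKI mismatch between {cur.subject} and {parent.subject}")
        chain.append(parent)
        cur = parent
    return chain


# Constructed sample bundle, deliberately out of order (CA first, root last).
ROOT = Cert("CN=Example Root", "CN=Example Root", 1, "aa11")
ISSUING_CA = Cert("CN=Example Issuing CA", "CN=Example Root", 2, "bb22", aki="aa11")
LEAF = Cert("CN=widget-signer", "CN=Example Issuing CA", 4711, "cc33", aki="bb22")
SHUFFLED_BUNDLE = [ISSUING_CA, LEAF, ROOT]


if __name__ == "__main__":
    ee = find_end_entity(SHUFFLED_BUNDLE)
    print("end-entity (heuristic):", ee.subject)
    print("end-entity (IssuerSerial):",
          find_end_entity(SHUFFLED_BUNDLE, issuer_serial=("CN=Example Issuing CA", 4711)).subject)
    print("chain:", " -> ".join(c.subject for c in order_chain(SHUFFLED_BUNDLE, ee)))
```

The heuristic branch is what a validator is reduced to when the signer supplies neither X509IssuerSerial nor X509SKI, and it breaks as soon as the bundle carries a second leaf (for example a stale signing certificate left in alongside the current one); either hint removes the ambiguity with a single comparison, with no need to try each certificate against the signature.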

