Subject: Re: [wss] WSSE core example updates
Under XMLDSIG, trimming is the correct behaviour. Any terminal
whitespace in a DN must be hex escaped and is otherwise ignored.
See the XMLDSIG DName test vectors for ex:

  " CN=\ Wolfgang \ +CN=\ Amadeus \20 "

Trimming is, however, incorrect for KeyName.

merlin

r/Irving.Reid@Baltimore.com/2003.08.20/12:24:58
> One little nit-pick:
>
> > From: merlin [mailto:merlin@baltimore.ie]
> > Subject: [wss] WSSE core example updates
> > ...
> > 9.2 xenc:EncryptedKey example
> >
> > Example 9.2 uses a KeyIdentifier to identify the
> > certificate associated with an encrypted key. In
> > the X.509 spec, we RECOMMEND use of X509IssuerSerial;
> > would suggest the example be changed:
> >
> > ...
> > <xenc:EncryptedKey>
> >   ...
> >   <ds:KeyInfo>
> >     <wsse:SecurityTokenReference>
> >       <ds:X509IssuerSerial>
> >         <ds:X509IssuerName>
> >           DC=ACMECorp, DC=com
> >         </ds:X509IssuerName>
>
> Unless the issuer name in the certificate explicitly contains the
> white space, our example should be formatted as:
>
>   <ds:X509IssuerName>DC=ACMECorp, DC=com</ds:X509IssuerName>
>
> It's a Really Bad Idea (tm) to make people trim white space before
> they use the data (or even to hint that trimming might be appropriate
> behaviour).
>
> >         <ds:X509SerialNumber>12345678</ds:X509SerialNumber>
> >       </ds:X509IssuerSerial>
> >     </wsse:SecurityTokenReference>
> >   </ds:KeyInfo>
> >   ...
> > </xenc:EncryptedKey>
>
> - irving -
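
The distinction drawn in the reply above, as an added example that is not part of the original thread: a receiver trims unescaped whitespace around an X509IssuerName before matching it, keeps backslash-escaped whitespace, and compares KeyName verbatim. The names `trim_dname` and `lookup_values` and the sample KeyInfo are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XML_WS = " \t\r\n"

def _escaped(s, i):
    """True if s[i] is preceded by an odd number of backslashes."""
    n = 0
    while i - n - 1 >= 0 and s[i - n - 1] == "\\":
        n += 1
    return n % 2 == 1

def trim_dname(text):
    """Drop unescaped leading and trailing whitespace from a DN string."""
    start, end = 0, len(text)
    while start < end and text[start] in XML_WS:
        start += 1
    # A trailing space written as "\ " is part of the value, so stop there.
    while end > start and text[end - 1] in XML_WS and not _escaped(text, end - 1):
        end -= 1
    return text[start:end]

def lookup_values(keyinfo_xml):
    """Return the strings a receiver would match against its key store."""
    root = ET.fromstring(keyinfo_xml)
    out = {}
    issuer = root.find(f".//{{{DS}}}X509IssuerName")
    if issuer is not None:
        out["issuer"] = trim_dname(issuer.text or "")  # DN: trimmed
    name = root.find(f".//{{{DS}}}KeyName")
    if name is not None:
        out["key_name"] = name.text or ""  # KeyName: compared verbatim
    return out

# Constructed sample: pretty-printed issuer name, KeyName with real spaces.
SAMPLE = """<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:KeyName> ops key </ds:KeyName>
  <ds:X509Data><ds:X509IssuerSerial>
    <ds:X509IssuerName>
      DC=ACMECorp, DC=com
    </ds:X509IssuerName>
    <ds:X509SerialNumber>12345678</ds:X509SerialNumber>
  </ds:X509IssuerSerial></ds:X509Data>
</ds:KeyInfo>"""

if __name__ == "__main__":
    print(lookup_values(SAMPLE))
    print(repr(trim_dname(" CN=\\ Wolfgang \\ +CN=\\ Amadeus \\20 ")))
```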