OASIS Mailing List Archives

 




Subject: Re: [wss] WSSE core example updates



Under XMLDSIG, trimming is the correct behaviour.
Any terminal whitespace in a DN must be hex escaped
and is otherwise ignored.

See the XMLDSIG DName test vectors for ex:
  "    CN=\  Wolfgang \ +CN=\  Amadeus \20    "

Trimming is, however, incorrect for KeyName.

merlin

r/Irving.Reid@Baltimore.com/2003.08.20/12:24:58
>
>   One little nit-pick:
>
>   > From: merlin [[1]mailto:merlin@baltimore.ie]
>   > Subject: [wss] WSSE core example updates
>   > ...
>   > 9.2 xenc:EncryptedKey example
>   >
>   > Example 9.2 uses a KeyIdentifier to identify the
>   > certificate associated with an encrypted key. In
>   > the X.509 spec, we RECOMMEND use of X509IssuerSerial;
>   > would suggest the example be changed:
>   >
>   >   ...
>   >   <xenc:EncryptedKey>
>   >     ...
>   >     <ds:KeyInfo>
>   >       <wsse:SecurityTokenReference>
>   >         <ds:X509IssuerSerial>
>   >           <ds:X509IssuerName>
>   >             DC=ACMECorp, DC=com
>   >           </ds:X509IssuerName>
>
>   Unless the issuer name in the certificate explicitly contains the
>   white space, our example should be formatted as:
>
>               <ds:X509IssuerName>DC=ACMECorp, DC=com</ds:X509IssuerName>
>
>   It's a Really Bad Idea (tm) to make people trim white space before
>   they use the data (or even to hint that trimming might be appropriate
>   behaviour).
>
>   >           <ds:X509SerialNumber>12345678</ds:X509SerialNumber>
>   >         </ds:X509IssuerSerial>
>   >       </wsse:SecurityTokenReference>
>   >     </ds:KeyInfo>
>   >     ...
>   >   </xenc:EncryptedKey>
>
>    - irving -
>
>References
>
>   1. mailto:merlin@baltimore.ie
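
The distinction drawn in this thread, as an added example that is not part of the original messages: layout whitespace around an X509IssuerName is trimmed while a backslash-escaped trailing space is kept as data, and a KeyName is compared verbatim. The function names are hypothetical, and the certificate's issuer is assumed to be already rendered in the same string form as the XML value.

```python
XML_WS = " \t\r\n"  # whitespace an XML pretty-printer may add around a text node


def trim_dname(text: str) -> str:
    """Strip layout whitespace around a DName, keeping escaped spaces as data."""
    start = 0
    while start < len(text) and text[start] in XML_WS:
        start += 1
    end = len(text)
    while end > start and text[end - 1] in XML_WS:
        # Count the backslashes immediately before this whitespace character.
        slashes = 0
        while end - 2 - slashes >= start and text[end - 2 - slashes] == "\\":
            slashes += 1
        if slashes % 2 == 1:
            break  # odd count: the character is escaped ("\ "), so it is data
        end -= 1
    return text[start:end]


def issuer_matches(xml_text: str, cert_issuer: str) -> bool:
    """X509IssuerName: compare after trimming layout whitespace."""
    return trim_dname(xml_text) == cert_issuer


def keyname_matches(xml_text: str, expected: str) -> bool:
    """KeyName: whitespace is significant, so compare the text verbatim."""
    return xml_text == expected


# Test vector quoted in the reply above.
PAGE_VECTOR = r"    CN=\  Wolfgang \ +CN=\  Amadeus \20    "
# Issuer name as indented in the proposed example (line breaks constructed).
INDENTED = "\n            DC=ACMECorp, DC=com\n          "
# Constructed value: trailing space escaped as "\ " instead of "\20".
BACKSLASH_SPACE = "CN=Amadeus\\ \n   "

if __name__ == "__main__":
    for sample in (PAGE_VECTOR, INDENTED, BACKSLASH_SPACE):
        print(repr(sample), "->", repr(trim_dname(sample)))
    # A plain strip() leaves a dangling backslash on the third sample.
    print(repr(BACKSLASH_SPACE.strip()))
```

The "\20" form survives even a naive strip, which is why hex-escaping terminal whitespace makes trimming safe for DNames.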

