mace-opensaml-users - encoding an X.509 certificate
Subject: OpenSAML user discussion
- From: "Tom Scavo" <>
- To: OpenSAML <>
- Subject: encoding an X.509 certificate
- Date: Wed, 5 Nov 2008 08:52:47 -0500
Currently there are three profiles before the OASIS Security Services
Technical Committee (SSTC) that rely on XML elements of the form:

    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>
          MIIDuDCC...
        </ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>

Interestingly, the above element has sparked a vigorous debate within
the SSTC, which has spread to the W3C XML Signature WG. The issue
involves the ASN.1 encoding of the underlying certificate.
Specifically, should the certificate be DER-encoded or should the
encoding be left unspecified?
So my question is: If you were given an X.509 certificate of unknown
encoding, could you determine the encoding by simply inspecting the
bytes? Does the OpenSAML library support such a function?
Thanks for shedding some light on this issue.
Tom
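
Added example, not part of the original message and not OpenSAML code: DER is the subset of BER that, among other rules, requires definite lengths in their shortest form, so a walk over the decoded ds:X509Certificate bytes can flag length octets that DER forbids. The function names and sample byte strings are constructed for illustration, and the check covers only the length-octet rules, not every DER constraint.

```python
import base64

def walk(data, pos, end, problems, until_eoc=False):
    """Parse BER TLVs in data[pos:end]; record length octets that DER forbids."""
    while pos < end:
        start = pos
        if until_eoc and data[pos:pos + 2] == b"\x00\x00":
            return pos + 2                      # end-of-contents octets
        tag = data[pos]
        pos += 1
        if tag & 0x1F == 0x1F:                  # high-tag-number form
            while data[pos] & 0x80:
                pos += 1
            pos += 1
        first = data[pos]
        pos += 1
        if first == 0x80:                       # indefinite length: BER only
            problems.append((start, "indefinite length"))
            pos = walk(data, pos, end, problems, until_eoc=True)
            continue
        length = first                          # short form: one octet
        if first > 0x80:                        # long form: n length octets follow
            raw = data[pos:pos + (first & 0x7F)]
            length = int.from_bytes(raw, "big")
            pos += len(raw)
            if raw[0] == 0 or length < 0x80:    # DER requires the shortest form
                problems.append((start, "non-minimal length"))
        if pos + length > end:
            raise ValueError("length runs past the enclosing element")
        if tag & 0x20:                          # constructed: check the children
            walk(data, pos, pos + length, problems)
        pos += length
    if until_eoc:
        raise ValueError("missing end-of-contents octets")
    return pos

def length_violations(b64_text):
    """Return (offset, reason) pairs for base64 text as found in ds:X509Certificate."""
    data = base64.b64decode(b64_text)
    problems = []
    walk(data, 0, len(data), problems)
    return problems

# Constructed samples (not certificates): SEQUENCE { INTEGER 5, OCTET STRING "hi" }
SAMPLES = {
    "der": base64.b64encode(bytes.fromhex("300702010504026869")),
    "indefinite": base64.b64encode(bytes.fromhex("3080020105040268690000")),
    "nonminimal": base64.b64encode(bytes.fromhex("30810702010504026869")),
}
```

An empty result means only that the length octets are DER-compatible; the other DER rules are not checked here.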