Re: [ebxmlms-develop] Enhancement request - determining message s igner

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear Peter,

Your presumption exactly what I implemented, sorry that I didn't mention 
it clearly.

Regards,
Bob Koon

Mayne, Peter wrote:

> From: Bob Koon
> > 3) It will be hard to decide the behaviour if both CertResolver and 
> Trust store is set, since there may be case
> > that the cert cannot be gotten from the key info of the message.
>
> This is the case with messages we receive: the certificate is not 
> included in the KeyInfo.
>
> > The current implementation is that the CertResolver is used to 
> verify the signature, and then the trust store
> > is used to verify the cert path of the certificate from the 
> CertResolver.
>
> I presume you mean "the certificate returned by the CertResolver is 
> used to verify the signature".
>
> Why are you verifying the path of the certificate from CertResolver? 
> If my CertResolver is returning a certificate, then presumably that 
> certificate doesn't need to be further verified against the trust 
> store. I presume it's because by the time path is verified, you don't 
> know (or care) if the certificate came from the message or the 
> CertResolver, which is fine.
>
> PJDM
> -- 
> Peter Mayne
> Technology Consultant
> Spherion Technology Solutions
> Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602
> T: 61 2 62689727  F: 61 2 62689777
>
>The information contained in this email and any attachments to it:
>
>(a) may be confidential and if you are not the intended recipient, any interference with, 
>use, disclosure or copying of this material is unauthorised and prohibited; and
>
>(b) may contain personal information of the recipient and/or the sender as defined 
>under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to 
>collect, hold and use such information and any personal information contained in a 
>response to this email, for any reasonable purpose in the ordinary course of 
>Spherion's 
>business, including forwarding this email internally or disclosing it to a third party. All 
>personal information collected by Spherion will be handled in accordance with 
>Spherion's Privacy Policy. If you have received this email in error, please notify the 
>sender and delete it.
>
>(c) you agree not to employ or arrange employment for any candidate(s) supplied in 
>this email and any attachments without first entering into a contractual agreement with 
>Spherion. You further agree not to divulge any information contained in this document 
>to any person(s) or entities without the express permission of Spherion.
>
>
>  
>