Key Discovery In DTP Draft 3

Recordon, David drecordon at verisign.com
Fri Jan 5 18:19:13 UTC 2007


Nope, it is still part of the "KeyInfo" element defined at
http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-KeyInfo.

So my thought is the XRDS could look like:
<Service>
  <Type>http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-KeyInfo</Type>
  <ds:KeyInfo>
    <RetrievalMethod>
      <Type>http://www.w3.org/2000/09/xmldsig#PGPData</Type>
      <URI>http://www.example.com/pgp-key.xml</URI>
    </RetrievalMethod>
  </ds:KeyInfo>
</Service>

Then http://www.example.com/pgp-key.xml would be:
<ds:KeyInfo>
  <PGPData>
    <PGPKeyID>...</PGPKeyID>
    <PGPKeyPacket>...</PGPKeyPacket>
  </PGPData>
</ds:KeyInfo>

Hans, does that look right (or close I think)?  I'm certainly not an
expert in this area.

--David

-----Original Message-----
From: grant.monroe at gmail.com [mailto:grant.monroe at gmail.com] On Behalf Of Grant Monroe
Sent: Friday, January 05, 2007 10:09 AM
To: Recordon, David
Cc: Carl Howells; specs at openid.net
Subject: Re: Key Discovery In DTP Draft 3

That sounds fine. I have never heard of the RetrievalMethod element, so
I can't really speak to whether that is the way to go or not. Is it part
of XRDS?

On 1/5/07, Recordon, David <drecordon at verisign.com> wrote:
> True, though why not still use this XML structure and the 
> "RetrievalMethod" element within the XRDS so that can then point to a 
> remote "KeyInfo" element in another XML document?
>
> --David
>
> -----Original Message-----
> From: grant.monroe at gmail.com [mailto:grant.monroe at gmail.com] On Behalf Of Grant Monroe
> Sent: Friday, January 05, 2007 8:31 AM
> To: Recordon, David
> Cc: Carl Howells; specs at openid.net
> Subject: Re: Key Discovery In DTP Draft 3
>
> On 1/4/07, Recordon, David <drecordon at verisign.com> wrote:
> > Hey guys,
> > Was looking at
> > http://openid.net/specs/openid-service-key-discovery-1_0-01.html
> > tonight and curious why the decision was made to define the
> > <PublicKey /> element which contains a link to the RSA key or X.509
> > certificate versus embedding the key in the XRDS file?
>
> I believe the rationale was that KeyInfo objects can be quite large.
> Especially if you have multiple services using them. We were concerned
> about XRDSs getting really large. It doesn't make a whole lot of sense
> to download a key for a service entry you aren't even interested in.
>
> --
>  Grant Monroe
>  JanRain, Inc.
>
>


--
 Grant Monroe
 JanRain, Inc.
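As an added illustration of the layout David sketches above (this is example code written for this page, not code from the thread, from OpenID, or from the XML-DSig specification), the script below walks an XRDS, picks out the Service entries typed as KeyInfo, follows each RetrievalMethod URI to the separate KeyInfo document and pulls out the PGPData it carries. It assumes David's unprefixed child-element form of RetrievalMethod (the XML-DSig spec itself uses attributes), adds an xmlns:ds declaration so the ds: prefix resolves, and stands in for the network fetch with an in-memory table of constructed documents so it runs offline. The constructed sample uses an https URI, since a consumer that follows a key reference has nothing but transport integrity protecting the key it receives, and the resolver refuses anything else.

```python
"""Resolve a remote KeyInfo from an XRDS <Service> entry (added example)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

DSIG = "http://www.w3.org/2000/09/xmldsig#"
KEYINFO_TYPE = "http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-KeyInfo"
PGPDATA_TYPE = DSIG + "PGPData"

# Constructed XRDS fragment following the layout proposed in the thread.
XRDS = f"""<XRDS xmlns:ds="{DSIG}">
  <XRD>
    <Service>
      <Type>{KEYINFO_TYPE}</Type>
      <ds:KeyInfo>
        <RetrievalMethod>
          <Type>{PGPDATA_TYPE}</Type>
          <URI>https://www.example.com/pgp-key.xml</URI>
        </RetrievalMethod>
      </ds:KeyInfo>
    </Service>
  </XRD>
</XRDS>"""

# Constructed stand-in for the document a fetch of that URI would return.
# Key id and packet are placeholder strings, not real OpenPGP material.
REMOTE_DOCS = {
    "https://www.example.com/pgp-key.xml": f"""<ds:KeyInfo xmlns:ds="{DSIG}">
  <PGPData>
    <PGPKeyID>AAAAAAAAAAA=</PGPKeyID>
    <PGPKeyPacket>CONSTRUCTED_BASE64_PACKET</PGPKeyPacket>
  </PGPData>
</ds:KeyInfo>""",
}


def find_key_references(xrds_xml):
    """Return (type, uri) pairs from every KeyInfo-typed Service in the XRDS."""
    root = ET.fromstring(xrds_xml)
    refs = []
    for svc in root.iter("Service"):
        types = [t.text.strip() for t in svc.findall("Type") if t.text]
        if KEYINFO_TYPE not in types:
            continue  # some other service; its key is never downloaded
        for rm in svc.iter("RetrievalMethod"):
            refs.append((rm.findtext("Type", "").strip(),
                         rm.findtext("URI", "").strip()))
    return refs


def fetch(uri):
    """Offline stand-in for an HTTP GET; only https references are followed."""
    if urlparse(uri).scheme != "https":
        raise ValueError(f"refusing non-https key reference: {uri}")
    if uri not in REMOTE_DOCS:
        raise LookupError(f"no document at {uri}")
    return REMOTE_DOCS[uri]


def resolve_pgp_key(uri):
    """Fetch the referenced KeyInfo and return (key_id, key_packet)."""
    doc = ET.fromstring(fetch(uri))
    if doc.tag != f"{{{DSIG}}}KeyInfo":
        raise ValueError("referenced document is not a ds:KeyInfo")
    pgp = doc.find("PGPData")
    if pgp is None:
        raise ValueError("KeyInfo carries no PGPData")
    packet = pgp.findtext("PGPKeyPacket")
    if not packet:
        raise ValueError("PGPData has no PGPKeyPacket")
    return pgp.findtext("PGPKeyID"), packet


def discover_pgp_keys(xrds_xml):
    """Resolve every PGPData-typed reference in the XRDS to key material."""
    return [resolve_pgp_key(uri)
            for ref_type, uri in find_key_references(xrds_xml)
            if ref_type == PGPDATA_TYPE]


if __name__ == "__main__":
    for key_id, packet in discover_pgp_keys(XRDS):
        print(f"key id {key_id}: packet {packet[:16]}...")
```

The two-step shape is what the thread is arguing for: the XRDS stays small because only the reference is listed, and a consumer fetches key material only for the service it actually cares about. The checks on the fetched document (correct root element, PGPData present, packet non-empty) are the minimum a consumer should do before trusting anything it pulled from a URI it found in someone else's XRDS.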


