> No - there is no validity check between the two. And in fact, because
> of the potential uses of KeyInfo, it *might* be that incompatible key
> values are valid.

Well, technically there is in the sense that a single KeyInfo is only supposed to represent one key. If you have a KeyValue and a cert, if the public key didn't match, you're arguably off the spec a little, unless both sides understand why they're doing it.

> XKMS is a particular example - I can do a LocateRequest for "Berin
> Lautenbach" as a KeyName. The response could include an RSA key, known
> to be good, together with a cert for a separate key. Both will be
> returned in the same KeyInfo structure.

If XKMS says to do that, I think they need to read the spec again. ;-)

-- Scott