

Answer to the Trivial Question

The answer to the trivial question from my blog based upon the March 8, 2006 WebCasts “Least Privilege Development and New System.Security Features” is below:

 

Question:  

The KeyInfo element can consist of either a <KeyName/> or a <RetrievalMethod/> child element.  What is the purpose of each element and what are the differences between the two elements?

 

Answer:

Both elements are used to provide additional information about KeyInfo:

 

KeyName - a string identifying a key pair [key identifier].  Something along the lines of <!ELEMENT KeyName (#PCDATA)>

 

RetrievalMethod - on the other hand, is a reference to a remote source that can be used to gather information about the KeyInfo.

 

For instance, signatures in a document may use a key verified by a certificate chain that appears once in the document or remotely outside the document; each signature's KeyInfo can reference this chain using a single RetrievalMethod.

 

Difference:

One element is a string that has the potential to indirectly identify a key, while the other is used as a direct reference.
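
To make the difference concrete, here is an added example (not from the webcast or from System.Security) that walks the KeyInfo of several signatures and shows how each hint is resolved. The sample document, the Id values, the key name, the key store and the example.invalid URL are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed, simplified sample: signatures carry only KeyInfo, and the
# certificate content is a placeholder.
SAMPLE = """\
<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:KeyInfo Id="chain"><ds:X509Data>
    <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo>
  <ds:Signature Id="sig1"><ds:KeyInfo><ds:RetrievalMethod URI="#chain"/></ds:KeyInfo></ds:Signature>
  <ds:Signature Id="sig2"><ds:KeyInfo><ds:RetrievalMethod URI="#chain"/></ds:KeyInfo></ds:Signature>
  <ds:Signature Id="sig3"><ds:KeyInfo><ds:KeyName>build-signer</ds:KeyName></ds:KeyInfo></ds:Signature>
  <ds:Signature Id="sig4"><ds:KeyInfo>
    <ds:RetrievalMethod URI="https://keys.example.invalid/chain.xml"/>
  </ds:KeyInfo></ds:Signature>
</doc>
"""

# Hypothetical local key store: a KeyName only helps a party that already
# holds a key filed under that name.
KEYSTORE = {"build-signer": "local-key-handle-1"}

def resolve_key_hints(xml_text, keystore):
    """Return {signature Id: [(element, value, resolution), ...]}."""
    root = ET.fromstring(xml_text)
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    results = {}
    for sig in root.iter(DS + "Signature"):
        key_info = sig.find(DS + "KeyInfo")
        hints = []
        for child in (list(key_info) if key_info is not None else []):
            if child.tag == DS + "KeyName":
                # Indirect: the string is looked up in the verifier's own store.
                name = (child.text or "").strip()
                hints.append(("KeyName", name, keystore.get(name)))
            elif child.tag == DS + "RetrievalMethod":
                uri = child.get("URI", "")
                if uri.startswith("#"):
                    # Direct reference to key material elsewhere in the document.
                    target = by_id.get(uri[1:])
                    found = target.tag[len(DS):] if target is not None else None
                    hints.append(("RetrievalMethod", uri, found))
                else:
                    # Direct reference outside the document; reported, not fetched.
                    hints.append(("RetrievalMethod", uri, "remote, not fetched"))
        results[sig.get("Id")] = hints
    return results
```

sig1 and sig2 share the one chain through the same RetrievalMethod URI, while sig3 resolves only because the local key store already knows the name "build-signer".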

 

We now have our three winners.  Thank you everyone for attending the Webcast, and I look forward to seeing you next week.