metadata-support - Re: [Metadata-Support] SP configuration for new InCommon Aggregate

Subject: InCommon metadata support

  • From: Tom Scavo <>
  • To: "" <>
  • Subject: Re: [Metadata-Support] SP configuration for new InCommon Aggregate
  • Date: Fri, 28 Mar 2014 19:22:10 -0400

On Fri, Mar 28, 2014 at 7:03 PM, Cantor, Scott wrote:
> On 3/28/14, 6:51 PM, "Tom Scavo" wrote:
>>
>>those two files are not byte-for-byte equivalent since the metadata
>>signing certificate is different in each case (same signing key,
>>different certificate).
>
> I assume the digest and sig value are though.

Yes they are (I just checked).

> And since the cert inside the KeyInfo..

The legacy metadata file has *two* certs in KeyInfo (the legacy
metadata signing cert and the cert of the legacy CA that signed the
legacy metadata signing cert) whereas the new fallback aggregate has
just one cert in KeyInfo, the new metadata signing cert. Other than
that, the two metadata files are identical.

> There needs to be a byte for byte compare of the digest inputs between the
> signature computation of a failing example and a working example with the
> same file. If that matches, and the SignedInfo digest octets match, then
> there has to be more to the debug log indicating something else is
> involved.

Only Kathy can provide more info (by cranking up the log output).
Everything looks good on my end.

Tom
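
The check discussed in this message (identical digest and signature values, different KeyInfo contents), as an added example that is not part of the original message: a Python script that pulls ds:DigestValue, ds:SignatureValue and the ds:X509Certificate entries out of two signed metadata documents and reports which of them differ. The two sample documents, their base64 values and all function names are constructed for illustration; the script does not verify the signature or compare canonicalized digest inputs.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def b64(text):
    """Normalize base64 text, which may be line-wrapped in the file."""
    return "".join((text or "").split())

def signature_summary(xml_text):
    """Extract the parts of the first ds:Signature relevant to the comparison."""
    sig = ET.fromstring(xml_text).find(f".//{DS}Signature")
    if sig is None:
        raise ValueError("no ds:Signature element found")
    return {
        "digests": [b64(e.text) for e in sig.iter(f"{DS}DigestValue")],
        "sigvalue": b64(sig.findtext(f"{DS}SignatureValue")),
        "certs": [b64(e.text) for e in sig.iter(f"{DS}X509Certificate")],
    }

def compare(xml_a, xml_b):
    a, b = signature_summary(xml_a), signature_summary(xml_b)
    # ds:KeyInfo is a sibling of ds:SignedInfo, and for an enveloped signature
    # the whole ds:Signature is excluded from the reference digest, so KeyInfo
    # can differ while DigestValue and SignatureValue stay the same.
    return {
        "digest_match": a["digests"] == b["digests"],
        "sigvalue_match": a["sigvalue"] == b["sigvalue"],
        "keyinfo_match": a["certs"] == b["certs"],
        "cert_counts": (len(a["certs"]), len(b["certs"])),
    }

def sample_metadata(certs):
    """Constructed sample: every base64 value here is a placeholder."""
    certs_xml = "".join(f"<ds:X509Certificate>{c}</ds:X509Certificate>" for c in certs)
    return (
        '<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature>'
        '<ds:SignedInfo><ds:Reference URI="">'
        '<ds:DigestValue>Q09OU1RSVUNURUQ=</ds:DigestValue>'
        '</ds:Reference></ds:SignedInfo>'
        '<ds:SignatureValue>U0lHLVBMQUNFSE9MREVS</ds:SignatureValue>'
        f'<ds:KeyInfo><ds:X509Data>{certs_xml}</ds:X509Data></ds:KeyInfo>'
        '</ds:Signature></md:EntitiesDescriptor>'
    )

LEGACY = sample_metadata(["TEVHQUNZLVNJR05JTkc=", "TEVHQUNZLUNB"])  # signing cert + CA cert
FALLBACK = sample_metadata(["TkVXLVNJR05JTkc="])                    # new signing cert only

if __name__ == "__main__":
    print(compare(LEGACY, FALLBACK))
```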


