W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Re: XML certificate ...

From: Ken Goldman <kgold@watson.ibm.com>
Date: Wed, 10 May 2000 09:39:19 -0400
Message-Id: <200005101339.JAA38778@alpha.watson.ibm.com>
To: w3c-ietf-xmldsig@w3.org
Also new to the list.

ASN.1 is hard to read because it is so compact while XML is easy to
read because it's verbose.

For certificates, there is a big advantage to compactness, as they
often have to be stored on limited memory devices like smart cards.

I'd like to see a size comparison.  On a smart card, 100 bytes can be
very important.

Also, if the certificate is signed using a DSIG signature, including
the KeyInfo, which itself has a certificate, does this now require the
entire certificate chain to be included in each certificate?

> Date: Tue, 09 May 2000 19:06:37 -0500
> From: Gunther Schadow <gunther@aurora.rg.iupui.edu>
> I have just joined this list. I'm not sure whether this has been discussed
> here, but cursory searches have not exactly hit me with obvious results.
> So here goes:
> As the world reinvents everything using XML, might it not be time to do
> the same with certificates?  I think the world of certificates could 
> use a big shake-up.  Getting rid of X509 and ASN.1 would be a huge 
> reduction of burdon on any security implementation. It would make 
> certificate generation and interpretation a snip of a finger. 
> Compatibility with X509, SPKI, and PGP certificate products could be
> provided through XMLifying translators.  The goal would be to have one
> generic syntax that can support the approaches of X509, SPKI and PGP all
> without these stupid hassles that come with the different presentation 
> formats.
> Isn't there any such activity ongoing already? If not I'd be happy to
> hammer out a DTD that would cover X509, SPKI and PGP semantics. I just
> have to do this in order to not go insane over this ASN.1 business.
> The XML certificate specification could be using XML signature and
> XML canonicalization. However, canonicalization isn't exactly a
> requirement.

Ken Goldman   kgold@watson.ibm.com   914-784-7646
Received on Wednesday, 10 May 2000 09:39:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC