Re: Signatures draft

From: <tgindin@us.ibm.com>
Date: Mon, 14 Feb 2000 18:19:35 -0500
To: "Joseph M. Reagle Jr." <reagle@w3.org>
cc: "John Messing" <jmessing@law-on-line.com>, "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-ID: <85256885.00806D85.00@D51MTA07.pok.ibm.com>
     There is one wording error in section 5.2 - i.e. should be e.g. (for
example rather than that is).  In the minutes of the IETF 46 meeting, this
same issue came up as "what is equivalent to PKCS-7 Authenticated
Attributes in the syntax".  It was suggested that an example of this should
be included (presumably in the syntax draft), and none has been yet.
     Since I was the one who suggested an example (passport check), here is
the ASN.1 for the CMS or PKCS-7 equivalent, neglecting DER sorting and
similar issues, and using a hybrid value notation to avoid separate
definitions for the types and data here:

     AuthenticatedAttributes ::= SET { PassportNumber, ChecksMade }

     PassportNumber ::= SEQUENCE {
          tempOID   OBJECT IDENTIFIER { 0 3 8232 4127 20000214 1 },
          value          SET  {
               val1 SEQUENCE {
                    country        PrintableString "US",
                    idnumber  UTF8String "555"
               }
          }
     }

     ChecksMade          ::= SEQUENCE {
          tempOID2  OBJECT IDENTIFIER { 0 3 8232 4127 20000214 2 },
          value2         SET  {
               chks BIT STRING { picture(0) TRUE, gender(1) TRUE,
                                 approxAge(2) TRUE, eyeColor(3) FALSE }
          }
     }


     I hope the notation is fairly clear.  The OID root is mine personally,
if anybody is curious.  I think that we should have an XML equivalent in
the draft showing what a SignatureProperty element representing at least
one of these assertions would look like.

          Tom Gindin
Received on Monday, 14 February 2000 18:22:57 UTC