Re: Signatures draft

I believe that a comparison of CMS/PKCS#7 and XMLDSIG Signature
capabilities would be very useful, although perhaps it should be a
separate document.

An example of s SignatureProperty is also useful, but I believe we
have one in an example in the current documentation.

An example showing ASN.1 would, in my opinion, detract from the
current syntax document if put there by adding needless complexity
that most readers would not understand.

Donald

From:  tgindin@us.ibm.com
Resent-Date:  Mon, 14 Feb 2000 18:23:02 -0500 (EST)
Resent-Message-Id:  <200002142323.SAA18189@www19.w3.org>
To:  "Joseph M. Reagle Jr." <reagle@w3.org>
cc:  "John Messing" <jmessing@law-on-line.com>,
            "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-ID:  <85256885.00806D85.00@D51MTA07.pok.ibm.com>
Date:  Mon, 14 Feb 2000 18:19:35 -0500

>     There is one wording error in section 5.2 - i.e. should be e.g. (for
>example rather than that is).  In the minutes of the IETF 46 meeting, this
>same issue came up as "what is equivalent to PKCS-7 Authenticated
>Attributes in the syntax".  It was suggested that an example of this should
>be included (presumably in the syntax draft), and none has been yet.
>     Since I was the one who suggested an example (passport check), here is
>the ASN.1 for the CMS or PKCS-7 equivalent, neglecting DER sorting and
>similar issues, and using a hybrid value notation to avoid separate
>definitions for the types and data here:
>
>     AuthenticatedAttributes ::= SET { PassportNumber, ChecksMade }
>
>     PassportNumber ::= SEQUENCE {
>          tempOID   OBJECT IDENTIFIER { 0 3 8232 4127 20000214 1 },
>          value          SET  {
>               val1 SEQUENCE {
>                    country        PrintableString "US",
>                    idnumber  UTF8String "555"
>               }
>          }
>
>     ChecksMade          ::= SEQUENCE {
>          tempOID2  OBJECT IDENTIFIER { 0 3 8232 4127 20000214 2 },
>          value2         SET  {
>               chks BIT STRING { picture(0) TRUE, gender(1) TRUE,
>approxAge(2) TRUE, eyeColor(3) FALSE }
>
>               }
>          }
>
>     I hope the notation is fairly clear.  The OID root is mine personally,
>if anybody is curious.  I think that we should have an XML equivalent in
>the draft showing what a SignatureProperty element representing at least
>one of these assertions would look like.
>
>          Tom Gindin
>
>

Received on Tuesday, 15 February 2000 08:15:40 UTC