W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

Re: Signatures draft

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Tue, 15 Feb 2000 08:15:47 -0500
Message-Id: <200002151315.IAA17631@torque.pothole.com>
To: tgindin@us.ibm.com
cc: "Joseph M. Reagle Jr." <reagle@w3.org>, "John Messing" <jmessing@law-on-line.com>, "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>

I believe that a comparison of CMS/PKCS#7 and XMLDSIG Signature
capabilities would be very useful, although perhaps it should be a
separate document.

An example of s SignatureProperty is also useful, but I believe we
have one in an example in the current documentation.

An example showing ASN.1 would, in my opinion, detract from the
current syntax document if put there by adding needless complexity
that most readers would not understand.

Donald

From:  tgindin@us.ibm.com
Resent-Date:  Mon, 14 Feb 2000 18:23:02 -0500 (EST)
Resent-Message-Id:  <200002142323.SAA18189@www19.w3.org>
To:  "Joseph M. Reagle Jr." <reagle@w3.org>
cc:  "John Messing" <jmessing@law-on-line.com>,
            "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-ID:  <85256885.00806D85.00@D51MTA07.pok.ibm.com>
Date:  Mon, 14 Feb 2000 18:19:35 -0500

>     There is one wording error in section 5.2 - i.e. should be e.g. (for
>example rather than that is).  In the minutes of the IETF 46 meeting, this
>same issue came up as "what is equivalent to PKCS-7 Authenticated
>Attributes in the syntax".  It was suggested that an example of this should
>be included (presumably in the syntax draft), and none has been yet.
>     Since I was the one who suggested an example (passport check), here is
>the ASN.1 for the CMS or PKCS-7 equivalent, neglecting DER sorting and
>similar issues, and using a hybrid value notation to avoid separate
>definitions for the types and data here:
>
>     AuthenticatedAttributes ::= SET { PassportNumber, ChecksMade }
>
>     PassportNumber ::= SEQUENCE {
>          tempOID   OBJECT IDENTIFIER { 0 3 8232 4127 20000214 1 },
>          value          SET  {
>               val1 SEQUENCE {
>                    country        PrintableString "US",
>                    idnumber  UTF8String "555"
>               }
>          }
>
>     ChecksMade          ::= SEQUENCE {
>          tempOID2  OBJECT IDENTIFIER { 0 3 8232 4127 20000214 2 },
>          value2         SET  {
>               chks BIT STRING { picture(0) TRUE, gender(1) TRUE,
>approxAge(2) TRUE, eyeColor(3) FALSE }
>
>               }
>          }
>
>     I hope the notation is fairly clear.  The OID root is mine personally,
>if anybody is curious.  I think that we should have an XML equivalent in
>the draft showing what a SignatureProperty element representing at least
>one of these assertions would look like.
>
>          Tom Gindin
>
>
Received on Tuesday, 15 February 2000 08:15:40 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT