- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Tue, 15 Feb 2000 22:26:20 -0500
- To: tgindin@us.ibm.com
- cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Guess I was a little confused.
There is an example of SignatureProperties in the recently announced
(today) editorial interim version.
Donald
From: tgindin@us.ibm.com
Resent-Date: Tue, 15 Feb 2000 10:11:55 -0500 (EST)
Resent-Message-Id: <200002151511.KAA04656@www19.w3.org>
X-Lotus-FromDomain: IBMUS
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
cc: "Joseph M. Reagle Jr." <reagle@w3.org>,
"John Messing" <jmessing@law-on-line.com>,
"IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-ID: <85256886.0053731B.00@D51MTA07.pok.ibm.com>
Date: Tue, 15 Feb 2000 10:08:17 -0500
>
>"Donald E. Eastlake 3rd" <dee3@torque.pothole.com> on 02/15/2000 08:15:47
>AM
>
>To: Tom Gindin/Watson/IBM@IBMUS
>cc: "Joseph M. Reagle Jr." <reagle@w3.org>, "John Messing"
> <jmessing@law-on-line.com>, "IETF/W3C XML-DSig WG"
> <w3c-ietf-xmldsig@w3.org>
>Subject: Re: Signatures draft
>
>
>
>
>I believe that a comparison of CMS/PKCS#7 and XMLDSIG Signature
>capabilities would be very useful, although perhaps it should be a
>separate document.
>
>An example of a SignatureProperty is also useful, but I believe we
>have one in an example in the current documentation.
>
>[Tom Gindin] Where? I don't see any such example in the current core
>document. There are schema and DTD definitions for SignatureProperty, but
>the only example seems to be section 10, which does not use
>SignatureProperty (nor Object nor Manifest, for that matter).
>
>An example showing ASN.1 would, in my opinion, detract from the
>current syntax document if put there by adding needless complexity
>that most readers would not understand.
>
>[Tom Gindin] An example with ASN.1 would only be appropriate for a
>comparison of CMS/PKCS#7 with XMLDSIG.
>
>Donald
>
>From: tgindin@us.ibm.com
>Resent-Date: Mon, 14 Feb 2000 18:23:02 -0500 (EST)
>Resent-Message-Id: <200002142323.SAA18189@www19.w3.org>
>To: "Joseph M. Reagle Jr." <reagle@w3.org>
>cc: "John Messing" <jmessing@law-on-line.com>,
> "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
>Message-ID: <85256885.00806D85.00@D51MTA07.pok.ibm.com>
>Date: Mon, 14 Feb 2000 18:19:35 -0500
>
>> There is one wording error in section 5.2 - i.e. should be e.g. (for
>>example rather than that is). In the minutes of the IETF 46 meeting, this
>>same issue came up as "what is equivalent to PKCS-7 Authenticated
>>Attributes in the syntax". It was suggested that an example of this
>>should be included (presumably in the syntax draft), and none has been yet.
>> Since I was the one who suggested an example (passport check), here
>>is the ASN.1 for the CMS or PKCS-7 equivalent, neglecting DER sorting and
>>similar issues, and using a hybrid value notation to avoid separate
>>definitions for the types and data here:
>>
>> AuthenticatedAttributes ::= SET { PassportNumber, ChecksMade }
>>
>> PassportNumber ::= SEQUENCE {
>>     tempOID OBJECT IDENTIFIER { 0 3 8232 4127 20000214 1 },
>>     value SET {
>>         val1 SEQUENCE {
>>             country PrintableString "US",
>>             idnumber UTF8String "555"
>>         }
>>     }
>> }
>>
>> ChecksMade ::= SEQUENCE {
>>     tempOID2 OBJECT IDENTIFIER { 0 3 8232 4127 20000214 2 },
>>     value2 SET {
>>         chks BIT STRING { picture(0) TRUE, gender(1) TRUE,
>>                           approxAge(2) TRUE, eyeColor(3) FALSE }
>>     }
>> }
>>
>> I hope the notation is fairly clear. The OID root is mine
>>personally, if anybody is curious. I think that we should have an XML
>>equivalent in the draft showing what a SignatureProperty element
>>representing at least one of these assertions would look like.
>>
>> Tom Gindin
>
>
Received on Tuesday, 15 February 2000 22:26:09 UTC
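
The following is an added example, not part of the original messages: it DER-encodes the two CMS/PKCS#7 attributes from the quoted ASN.1 and includes the DER details that message sets aside (SET OF sorting and trimming of trailing zero bits in a named-bit BIT STRING). The helper names, and the reading of the hybrid notation as the CMS Attribute structure (a SEQUENCE of an OID and a SET OF values), are assumptions.

```python
# Added illustration; helper names are assumptions, not from the thread.
def tlv(tag, body):
    """Tag-length-value with DER definite, minimal-length encoding."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def base128(n):
    """One OID arc: 7 bits per octet, high bit set on all but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def oid(arcs):
    # The first two arcs share one subidentifier: 40 * arc0 + arc1.
    body = base128(arcs[0] * 40 + arcs[1])
    return tlv(0x06, body + b"".join(base128(a) for a in arcs[2:]))

def named_bits(flags):
    """BIT STRING with named bits: DER drops trailing zero bits."""
    flags = list(flags)
    while flags and not flags[-1]:
        flags.pop()
    unused = -len(flags) % 8          # pad bits in the final octet
    value = 0
    for f in flags:
        value = (value << 1) | int(f)
    body = (value << unused).to_bytes((len(flags) + 7) // 8, "big")
    return tlv(0x03, bytes([unused]) + body)

def seq(*items):
    return tlv(0x30, b"".join(items))

def set_of(*items):
    # DER orders SET OF members by their encoded octets.
    return tlv(0x31, b"".join(sorted(items)))

def attribute(arcs, *values):
    return seq(oid(arcs), set_of(*values))

ROOT = (0, 3, 8232, 4127, 20000214)   # OID root quoted in the message
passport_number = attribute(ROOT + (1,), seq(tlv(0x13, b"US"), tlv(0x0C, b"555")))
checks_made = attribute(ROOT + (2,), named_bits([True, True, True, False]))
signed_attrs = set_of(passport_number, checks_made)
```

In the sorted SET, ChecksMade precedes PassportNumber because its encoding is shorter (`30 12` sorts before `30 19`), the reverse of the order in which the message lists them.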