W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

Re: Signatures draft

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Tue, 15 Feb 2000 22:26:20 -0500
Message-Id: <200002160326.WAA18874@torque.pothole.com>
To: tgindin@us.ibm.com
cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>

Guess I was a little confused.

There is an example of SignatureProperties in the recently announced
(today) editorial iterim version.

Donald

From:  tgindin@us.ibm.com
Resent-Date:  Tue, 15 Feb 2000 10:11:55 -0500 (EST)
Resent-Message-Id:  <200002151511.KAA04656@www19.w3.org>
X-Lotus-FromDomain:  IBMUS
To:  "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
cc:  "Joseph M. Reagle Jr." <reagle@w3.org>,
            "John Messing" <jmessing@law-on-line.com>,
            "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-ID:  <85256886.0053731B.00@D51MTA07.pok.ibm.com>
Date:  Tue, 15 Feb 2000 10:08:17 -0500

>
>"Donald E. Eastlake 3rd" <dee3@torque.pothole.com> on 02/15/2000 08:15:47
>AM
>
>To:   Tom Gindin/Watson/IBM@IBMUS
>cc:   "Joseph M. Reagle Jr." <reagle@w3.org>, "John Messing"
>      <jmessing@law-on-line.com>, "IETF/W3C XML-DSig WG"
>      <w3c-ietf-xmldsig@w3.org>
>Subject:  Re: Signatures draft
>
>
>
>
>I believe that a comparison of CMS/PKCS#7 and XMLDSIG Signature
>capabilities would be very useful, although perhaps it should be a
>separate document.
>
>An example of s SignatureProperty is also useful, but I believe we
>have one in an example in the current documentation.
>
>[Tom Gindin]   Where?  I don't see any such example in the current core
>document.  There are schema and DTD definitions for SignatureProperty, but
>the only example seems to be section 10, which does not use
>SignatureProperty (nor Object nor Manifest, for that matter).
>
>An example showing ASN.1 would, in my opinion, detract from the
>current syntax document if put there by adding needless complexity
>that most readers would not understand.
>
>[Tom Gindin]   An example with ASN.1 would only be appropriate for a
>comparison of CMS/PKCS#7 with XMLDSIG.
>
>Donald
>
>From:  tgindin@us.ibm.com
>Resent-Date:  Mon, 14 Feb 2000 18:23:02 -0500 (EST)
>Resent-Message-Id:  <200002142323.SAA18189@www19.w3.org>
>To:  "Joseph M. Reagle Jr." <reagle@w3.org>
>cc:  "John Messing" <jmessing@law-on-line.com>,
>            "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
>Message-ID:  <85256885.00806D85.00@D51MTA07.pok.ibm.com>
>Date:  Mon, 14 Feb 2000 18:19:35 -0500
>
>>     There is one wording error in section 5.2 - i.e. should be e.g. (for
>>example rather than that is).  In the minutes of the IETF 46 meeting, this
>>same issue came up as "what is equivalent to PKCS-7 Authenticated
>>Attributes in the syntax".  It was suggested that an example of this
>should
>>be included (presumably in the syntax draft), and none has been yet.
>>     Since I was the one who suggested an example (passport check), here
>is
>>the ASN.1 for the CMS or PKCS-7 equivalent, neglecting DER sorting and
>>similar issues, and using a hybrid value notation to avoid separate
>>definitions for the types and data here:
>>
>>     AuthenticatedAttributes ::= SET { PassportNumber, ChecksMade }
>>
>>     PassportNumber ::= SEQUENCE {
>>          tempOID   OBJECT IDENTIFIER { 0 3 8232 4127 20000214 1 },
>>          value          SET  {
>>               val1 SEQUENCE {
>>                    country        PrintableString "US",
>>                    idnumber  UTF8String "555"
>>               }
>>          }
>>
>>     ChecksMade          ::= SEQUENCE {
>>          tempOID2  OBJECT IDENTIFIER { 0 3 8232 4127 20000214 2 },
>>          value2         SET  {
>>               chks BIT STRING { picture(0) TRUE, gender(1) TRUE,
>>approxAge(2) TRUE, eyeColor(3) FALSE }
>>
>>               }
>>          }
>>
>>     I hope the notation is fairly clear.  The OID root is mine
>personally,
>>if anybody is curious.  I think that we should have an XML equivalent in
>>the draft showing what a SignatureProperty element representing at least
>>one of these assertions would look like.
>>
>>          Tom Gindin
>
>
Received on Tuesday, 15 February 2000 22:26:09 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT