W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2001

RE: What to do with CryptoBinary?

From: Brian LaMacchia <bal@microsoft.com>
Date: Mon, 26 Mar 2001 19:28:12 -0800
Message-ID: <BCDB2C3F59F5744EBE37C715D66E779CEAB614@red-msg-04.redmond.corp.microsoft.com>
To: "Joseph M. Reagle Jr." <reagle@w3.org>, <Noah_Mendelsohn@lotus.com>
Cc: <w3c-ietf-xmldsig@w3.org>, <xmlschema-dev@w3.org>, <xmlschema-dev-request@w3.org>
CryptoBinary and base64Binary are not exactly equivalent -- there are
further restrictions on a CryptoBinary because it is a representation of
a single bignum.  From the latest DSIG draft, section 6.4, is this
implicit definition of the CryptoBinary format:

	Arbitrary-length integers (e.g. "bignums") are represented in
XML as 	octet strings. The integer value is first converted to a "big
endian" 	bitstring. The bitstring is then padded with leading
zero bits so that 	the total number of bits == 0 mod 8 (so that
there are an integral 	number of octets). If the bitstring contains
entire leading octets 	that are zero, these are removed (so the
high-order octet is always 	non-zero). This octet string is then
base64 [MIME] encoded. (The 	conversion from integer to octet string
is equivalent to IEEE 1363's 	I2OSP [1363] with minimal length).

There's no difference in the schema definition, at least as it is today,
but there is a semantic difference.

					--bal

-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org] 
Sent: Monday, March 26, 2001 3:12 PM
To: Noah_Mendelsohn@lotus.com
Cc: w3c-ietf-xmldsig@w3.org; xmlschema-dev@w3.org;
xmlschema-dev-request@w3.org
Subject: Re: What to do with CryptoBinary?

At 17:54 3/26/2001 -0500, Noah_Mendelsohn@lotus.com wrote:
>I don't claim to be an expert on the digital signatures specification,

Thanks for your response Noah. I should've provided a reference, but
there 
is really nothing more to CryptoBinary than the schema definition.

>http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/#sec-CoreSyntax
>    <simpleType name="CryptoBinary">
>      <restriction base="binary">
>       <encoding value="base64"/>
>      </restriction>
>    </simpleType>


>my quick reading of it suggests that CryptoBinary is not just any
base64
>binary

It is that simple. It's used as the type for SignatureValue,
DigestValue, 
X509SKI, X509Certificate,  X509CRL, PGPKeyPacket, and all the DSA/RSA 
parameters. Consequently, it has to be generic, and given we decided to
go 
base64 in xmldsig, it made sense to simplify things and just create a
type 
for it.

>By specifically naming the
>digital signature type, you will allow behaviors to be applied to any
>information specifically coded in that manner.  The fact that the XML
>schema validation mechanisms provided no additional direct checking is
>unimportant, I think.

Even given what I said above, I'd be willing to take this as an argument
not 
to eliminate it -- that's the direction I'm leaning towards anyways
<smile/>.


__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Monday, 26 March 2001 23:15:40 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:12 GMT