W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2003

Re: X.509 certificate

From: Rich Salz <rsalz@datapower.com>
Date: Fri, 17 Jan 2003 21:16:29 -0500 (EST)
To: Joseph Swaminathan <jswamina@cisco.com>
cc: "w3c-ietf-xmldsig@w3.org" <w3c-ietf-xmldsig@w3.org>
Message-ID: <Pine.LNX.4.44L0.0301172115070.28170-100000@smtp.datapower.com>

>     One of the advantage of XMLDSIG over PKCS, I read,
> is the textual format instead of binary ASN.1 format.
> But when it comes to certificates, it is still X.509
> certificate which is in binary format. So for a box
> to support XMLDSIG, it needs to have both XML parser
> as well as ASN.1 parser isnt' it.

You could use RSA key values and SAML for authentication.

If you want to interoperate with existing PKI, then yes, you basically
have to do ASN.1.  But an all-XML approach might be better.
        /r$
Received on Friday, 17 January 2003 21:16:30 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT