W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2003


From: Tom Gindin <tgindin@us.ibm.com>
Date: Mon, 24 Feb 2003 08:09:25 -0500
To: "Phillip H. Griffin" <phil.griffin@asn-1.com>
Cc: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, DEMERJIAN <demerjia@enst.fr>, w3c-ietf-xmldsig@w3.org
Message-ID: <OF7E8982FD.079AAAC5-ON85256CD7.00476356@pok.ibm.com>


      While CMS is essentially a replacement for PKCS#7, S/MIME is not.
S/MIME does have a body part type (application/pkcs7-mime) which is defined
to carry PKCS#7 or CMS objects.
      To the best of my recollection, there were efforts to have XMLDSIG
include the core functionality of the CMS SignedData type, and at least the
SignatureProperties type was partly motivated by this.

            Tom Gindin

"Phillip H. Griffin" <phil.griffin@asn-1.com>@w3.org on 02/24/2003 07:53:20

Sent by:    w3c-ietf-xmldsig-request@w3.org

To:    Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
cc:    DEMERJIAN <demerjia@enst.fr>, w3c-ietf-xmldsig@w3.org

I believe the Kaliski statement is essentially correct. PKCS #7 also
goes by the name CMS or Cryptographic Message Syntax, and in the
IETF by SMIME or S/MIME. If you read carefully the June 1999
thread on "Some possible rqmt/design points" and even much earlier,
you'll see that CMS processing and capability were clearly on the minds
of some designers. For example, from

"Additional thoughts from my notes on the requirements front. Some of
these may be in between requirements and design, and aren't in a
particular order.  Also, they're in the spirit of trying to leverage
much of the CMS experience. I think attention to the validation logic
is particularly important. (By the way, I know I included the "no
criticality" point twice)"

Of course, that is not to say that xmldsig is an XML version of CMS.
That would be
true only of the X9.96 XML CMS work going on in ANSI, or to some degree
the use
of XML encoded CMS components in the X9.95 Trusted Time Stamp, X9.84:2003
Biometric Information Management and Security, or OASIS XCBF works.

And xmldsig provides functionality and a document view not directly
supported in CMS,
which takes a message view of signed content. And the cryptographic
processing and
scope of CMS take on far more than just digital signature. Two different
things really,
and the part of CMS that would be closest to xmldsig would seem to be

Phil Griffin

Christian Geuer-Pollmann wrote:

> Hi Jacques,
> from what I see, the document you cite is from July 1997. I don't know
> what Mr. Kaliski and Mr. Kingdon want to express by saying "basis".
> (1) XML Signature relies on X.509 certificates for representing
> --well-- X.509 certificates.
> (2) It does *not* use PKCS#7 as message syntax format.
> (3) If you look at <http://www.w3.org/TR/xmldsig-core/#ref-PKCS1>, it
> cites PKCS#1 as XML Signature uses RSA, but that's all.
> Kind regards,
> Christian
> --On Montag, 24. Februar 2003 11:28 +0100 DEMERJIAN <demerjia@enst.fr>
> wrote:
>> In the [Extensions and Revisions to PKCS #7 - Burton S. Kaliski Jr.,
>> Ph.D. and Kevin W. Kingdon 1 - An RSA Laboratories Technical Note - May
>> 13, 1997 -
>> http://security.ece.orst.edu/koc/ece575/rsalabs/bulletn6.pdf ]
>> thay said that :
>> { PKCS#7 has become the basis of S/MIME, SET, ....also PKCS#7 become a
>> basis for message security in systems as diverse as the W3C Digital
>> Signature Initiative, ...}.
>> My question is : What they mean about basis  .
>> Does xmlDSIG use pkcs#7? or xmlDSIG uses the same method (or logic) as
>> that of pkcs#7?  What is the relation between pkcs#7 and XMLDSIG?
>> Thanks
>> jacques
Received on Monday, 24 February 2003 08:10:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:38 UTC