W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RE: XML versus ASN.1/DER blob

From: Ko Fujimura <fujimura@isl.ntt.co.jp>
Date: Wed, 21 Apr 1999 12:01:05 +0900
Message-ID: <14109.16241.131476.17174B@renoir.isl.ntt.co.jp>
To: rdbrown@globeset.com
Cc: w3c-xml-sig-ws@w3.org
At Tue, 20 Apr 1999 18:52:25 -0500,
Richard D. Brown <rdbrown@globeset.com> wrote:
> 
> I certainly do not refute X509 or PKIX. I refute PKCS#7 for encoding the
> signature value. PKCS#7 does not address the issues that you have listed -
> PKIX and X509 do (to some extent). Also, recall that there are frameworks
> that do not even make use of digital certificates - These, for sure, do not
> really care about PKIX and X509...

I agree. Our digital ticket system is the application which do not
require PKIX and X509 ... I believe that there are many other
applications which do not require any PK certificates. Because, a PK 
certificate is a document which binds a PK and identity, but identity is 
not required for all application. 

Of course, if an application requires X509 or PKIX certificates, then the
verification system must interprets the ASN.1/DER blob. But it is an
option, I believe.

I also think that a PK certificate can be/should be a "normal" singed
XML document which describes an assertion on the PK for the application. 

Regards,

Ko
o---------------------------------------------------------o
o      Ko Fujimura         Email: fujimura@isl.ntt.co.jp  o
o---------------------------------------------------------o
o NTT Information Sharing Platform Labs, Security Project o
o 1-1 Hikarinooka, Yokosuka-shi, Kanagawa 239-0847, JAPAN o
o Tel: +81-(0)468-59-3814         Fax: +81-(0)468-59-8329 o
o---------------------------------------------------------o
Received on Tuesday, 20 April 1999 23:01:12 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT