W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

Re: XML interface with URIs

From: Bob Relyea <relyea@netscape.com>
Date: Tue, 27 Apr 1999 09:52:12 -0700
Message-ID: <3725EB3C.F6FFF65B@netscape.com>
To: rdbrown@globeset.com
CC: "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, "'Bede McCall'" <bede@mitre.org>, w3c-xml-sig-ws@w3.org


"Richard D. Brown" wrote:

> Phill,
>
> Before agreeing on anything we have to understand the ins and outs of such a
> decision.
>
> For example:
>
> 1 - What do people refer to by CMS? CMS as specified by PKIX or PKCS#7 from
> RSA.
>
> 2 - CMS implementations usually require the certificate-chain to be either
> refer to or pass as an argument. What is the impact on XML-DSIG
> implementation? Other crypto-algorithms require only the private-key.

Do you mean the public key? I don't know of any protocols that transport the raw
private-key.
XML-DSIG should be able to work with certificate-chain's. That's what's actually
deployed. That's what actual production protocols use (SSL, S/MIME). I won't
argue against allowing public key only signatures.. it's just that, unless they
themselves are signed, not much a generic application can do with them.

bob

> Also, we can make sure that the specification provides for CMS without
> making CMS mandatory. Actually, I would certainly vote against such a
> proposition.

It should at least be a "should". You need at least one deployable solution that
works with existing PKI's if you are interested in any near term deployments.
Most importantly though, the spec should give the CMS profile. (that is if you
use CMS, this is what the tags look like).

bob
Received on Tuesday, 27 April 1999 12:52:51 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT