- From: Bob Relyea <relyea@netscape.com>
- Date: Tue, 27 Apr 1999 09:52:12 -0700
- To: rdbrown@globeset.com
- CC: "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, "'Bede McCall'" <bede@mitre.org>, w3c-xml-sig-ws@w3.org
"Richard D. Brown" wrote:

> Phill,
>
> Before agreeing on anything we have to understand the ins and outs of such a
> decision.
>
> For example:
>
> 1 - What do people refer to by CMS? CMS as specified by PKIX or PKCS#7 from
> RSA.
>
> 2 - CMS implementations usually require the certificate-chain to be either
> refer to or pass as an argument. What is the impact on XML-DSIG
> implementation? Other crypto-algorithms require only the private-key.

Do you mean the public key? I don't know of any protocols that transport the raw private-key.

XML-DSIG should be able to work with certificate-chains. That's what's actually deployed. That's what actual production protocols use (SSL, S/MIME). I won't argue against allowing public key only signatures.. it's just that, unless they themselves are signed, there's not much a generic application can do with them.

bob

> Also, we can make sure that the specification provides for CMS without
> making CMS mandatory. Actually, I would certainly vote against such a
> proposition.

It should at least be a "should". You need at least one deployable solution that works with existing PKIs if you are interested in any near term deployments.

Most importantly though, the spec should give the CMS profile. (That is, if you use CMS, this is what the tags look like.)

bob
Received on Tuesday, 27 April 1999 12:52:51 UTC