
RE: XML interface with URIs

From: Phillip M Hallam-Baker <pbaker@verisign.com>
Date: Mon, 26 Apr 1999 13:01:55 -0400
To: <rdbrown@GlobeSet.com>, "'Bede McCall'" <bede@mitre.org>, <w3c-xml-sig-ws@w3.org>
Message-ID: <001a01be9006$7d184a60$6e07a8c0@pbaker-pc.verisign.com>
> 1 - What do people refer to by CMS? CMS as specified by PKIX or
> PKCS#7 from
> RSA.

CMS is the IETF interpretation of PKCS#7. At this point CMS is the
standard to reference.

> 2 - CMS implementations usually require the certificate-chain to be either
> referred to or passed as an argument. What is the impact on XML-DSIG
> implementation? Other crypto-algorithms require only the private-key.

I think as far as 'blobism' goes it is the detached signature blob which
is of interest - everything within the signature envelope.

PKI implementations require a certificate chain to authenticate a
signed object, at least according to PKI as we know it. Whether the
certificates are sent with the message, retrieved from a server
or directory, there is a need to authenticate public keys in some
manner.

I don't know of any PKI, including PGP, which does not have such
a constraint. Certainly certificate chain transport is something
the XML spec has to address. It is not something which I would
want to insist on CMS to achieve, however. Signature blobs stripped
of the cert chain achieve the backwards compatibility we need.

> Also, we can make sure that the specification provides for CMS without
> making CMS mandatory. Actually, I would certainly vote against such a
> proposition.

Votes? What votes?


		Phill
Received on Tuesday, 27 April 1999 13:00:45 EDT
