- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Fri, 30 Apr 1999 11:36:55 -0400
- To: <rdbrown@globeset.com>, <dee3@us.ibm.com>, "'XML-DSig Workshop'" <w3c-xml-sig-ws@w3.org>
> This simple approach should work, but, as you have mentioned in your > previous email, there will be a lot of redundant pieces of information > between the Manifest and the encoded CMS blob. Also, I think we should > mandate that the CMS blob SHALL NOT contain any authenticated attribute. > Also, if we were to consider "crypto-engines", none SHALL be made > mandatory. The whole point of using CMS is to use the authenticated attributes. Without authenticated attributes the CMS wrapping arround the .sig is pure wasted bytes. Phill
Received on Friday, 30 April 1999 11:35:43 UTC