W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RE: Example of XML-DSIG and CMS

From: Phillip M Hallam-Baker <pbaker@verisign.com>
Date: Fri, 30 Apr 1999 11:36:55 -0400
To: <rdbrown@globeset.com>, <dee3@us.ibm.com>, "'XML-DSig Workshop'" <w3c-xml-sig-ws@w3.org>
Message-ID: <000f01be931f$46d0a260$6e07a8c0@pbaker-pc.verisign.com>

> This simple approach should work, but, as you have mentioned in your
> previous email, there will be a lot of redundant pieces of information
> between the Manifest and the encoded CMS blob. Also, I think we should
> mandate that the CMS blob SHALL NOT contain any authenticated attribute.
> Also, if we were to consider "crypto-engines", none SHALL be made 
> mandatory.

The whole point of using CMS is to use the authenticated attributes.

Without authenticated attributes the CMS wrapping arround the .sig 
is pure wasted bytes.


	Phill
Received on Friday, 30 April 1999 11:35:43 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT