W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RE: Example of XML-DSIG and CMS

From: Richard D. Brown <rdbrown@GlobeSet.com>
Date: Fri, 30 Apr 1999 13:31:12 -0500
To: "'Phillip M Hallam-Baker'" <pbaker@verisign.com>, <dee3@us.ibm.com>, "'XML-DSig Workshop'" <w3c-xml-sig-ws@w3.org>
Message-ID: <002301be9337$a068ce20$0bc0010a@artemis.globeset.com>
Phill,

Sorry, but I do not get your point, unless your refer to the mandatory
attributes for a detached-signature (content-type, and digest-value).

Sincerely,

Richard D. Brown


> -----Original Message-----
> From: w3c-xml-sig-ws-request@w3.org
> [mailto:w3c-xml-sig-ws-request@w3.org]On Behalf Of Phillip M
> Hallam-Baker
> Sent: Friday, April 30, 1999 10:37 AM
> To: rdbrown@GlobeSet.com; dee3@us.ibm.com; 'XML-DSig Workshop'
> Subject: RE: Example of XML-DSIG and CMS
>
>
>
> > This simple approach should work, but, as you have mentioned in your
> > previous email, there will be a lot of redundant pieces of
> information
> > between the Manifest and the encoded CMS blob. Also, I
> think we should
> > mandate that the CMS blob SHALL NOT contain any
> authenticated attribute.
> > Also, if we were to consider "crypto-engines", none SHALL be made
> > mandatory.
>
> The whole point of using CMS is to use the authenticated attributes.
>
> Without authenticated attributes the CMS wrapping arround the .sig
> is pure wasted bytes.
>
>
> 	Phill
>
Received on Friday, 30 April 1999 14:31:29 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT