- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Mon, 04 Dec 2000 16:05:31 -0500
- To: <dick@8760.com>
- Cc: <hal@finney.org>, <xml-encryption@w3.org>
Hi Dick, One of the nice thing about XML based technologies is that it is very extensible. For instance, Simon easily extended Signature for use with ECC IDs/structures [0]. In terms of encryption key structures I'd expect the WG to provide a key structure for the mandatory algorithms that require a format (if it doesn't already exist.) A simple PGP structure is already defined in xmldsig in [1] . Otherwise, the requirements over algorithms and key structures will be put to the WG via the requirements document [2] and I think this will be influenced by members sense of what the dominant algorithms are, and what's been written (e.g., someone wrote up text for a set of algorithms like [0]) and what will be implemented (e.g., those algorithms/structures during interop.) So with respect to your request of "support" PGP, could you be specific so I can include it in [2]? Are you advocating it be the mandatory algorithm in one or more of the algorithm types, or a particular key structure? [0] http://search.ietf.org/internet-drafts/draft-blake-wilson-xmldsig-ecdsa-00.txt [1] http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/ [2] http://www.w3.org/2000/11/15-xml-encryption-req.html At 10:45 12/2/2000 -0600, Dick Brooks wrote: >Regard Hal Finney's comment: > > > From the security perspective, there exist deployed keys and PKIs > > and there is a desire to extend the functionality of this existing > > infrastructure to be able to secure XML documents. From this perspective, > > it is desirable to make sure that existing keys are supported by the > > XML security specs. > > > >I completely agree with the position that XML-encryption make use of >existing >and ubiquitous keys, especially keys used by PGP. In 1996, the >Department of Energy mandated that every Interstate Natural Gas Pipeline >Company use PGP to >sign/encrypt Internet E-Commerce transactions. The DOE mandate was based on >standards specified >by the Gas Industry Standards Board, Electronic Delivery Mechanism (GISB >EDM). Within the >past two years various state Public Utility Commissions have adopted the >GISB EDM standard for >Internet E-Commerce transactions within the Electric Industry. > >Enron, one of the largest Energy companies in the U.S. has conducted over >$183 Billion >in Internet E-Commerce, ref: >http://www.computerworld.com/cwi/story/0,1199,NAV47_STO54149,00.html >Enron was the first company to use the GISB EDM standard for Internet >E-Commerce >in April of 1997. > >As co-chairman of GISB's EDM committee I respectfully request that members >of the >XML encryption workgroup include a requirement to support PGP. > >Dick Brooks (co-chair GISB EDM committee) >Group 8760 >110 12th Street North >Birmingham, AL 35203 >dick@8760.com >205-250-8053 >Fax: 205-250-8057 >http://www.8760.com/ > >InsideAgent - Empowering e-commerce solutions __ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Monday, 4 December 2000 16:06:15 UTC