Ed writes:

> The wonderful thing about XML Signature and XML Encryption is that it is very flexible in ways that simply were not possible with CMS and PKCS7.

Although I agree with this in spirit, it's also our biggest problem in my opinion. To the extent that we enable app developers to reuse keys, combine signature/encryption, etc., we run risks of creating footholds for cryptanalysis that aren't present in PKCS7/CMS.

Publishing a spec that puts the burden of cryptanalytic soundness on the app developer is a useless, probably even dangerous activity.

Suppose I believe that CMS and PKCS7 have a sound treatment of signing and encryption from a cryptanalytic point of view. It would be great if I knew that any cryptanalytic attack on my XML Encryption/XML Signature application would lift to a PKCS 7 attack, i.e., that my XML app is at least as secure as PKCS7.

Maybe there could be a PKCS7 "profile" or something? Whether this is possible or even a reasonable way to think of this I don't know.

Thane Plambeck
VeriSign

Received on Thursday, 22 March 2001 12:24:54 GMT