- From: Ed Simon <edsimon@xmlsec.com>
- Date: Mon, 18 Jun 2007 14:14:30 -0400
- To: <public-xmlsec-maintwg@w3.org>
Yes, I think reversibility is an issue and I agree with Sean's comments (which you seem to have attributed to me).

Given the potential for non-reversibility to result in false negatives or inoperable applications, I agree that XMLSig DName encoding rules should address the last paragraph of Section 5.2 in RFC 4514:

http://tools.ietf.org/html/rfc4514

In retrospect, from a standards management perspective, I wonder if it would not be better to separate the <KeyInfo> element from the auspices of XML Signature given that it has broad implications beyond XML Signature (e.g. XML Encryption, XKMS, WS-I Basic Security Profile, etc.).

Ed
_____________________________
Ed Simon <edsimon@xmlsec.com>
Principal, XMLsec Inc.
(613) 726-9645

Interested in XML, Web Services, or Security? Visit "http://www.xmlsec.com".

New! "Privacy Protection for E-Services" published by Idea Group (ISBN: 1-59140-914-4 for hard cover, 1-59140-915-2 for soft cover). Includes a chapter, by Ed Simon, on "Protecting Privacy Using XML, XACML, and SAML". See the Table of Contents here: "http://tinyurl.com/rukr4".

-----Original Message-----
From: public-xmlsec-maintwg-request@w3.org [mailto:public-xmlsec-maintwg-request@w3.org] On Behalf Of Juan Carlos Cruellas
Sent: June 18, 2007 11:57
To: public-xmlsec-maintwg@w3.org
Subject: Additional issue on RFC 2253 usage in relation with XMLSig: On the capability of the RFC2253 "CN=Sam" encoding form for identifying a Certificate.

Dear all,

I understood in our last conference call that Frederick suggested to summarize the issues related to the RFC 2253 stuff within XMLSig.

In addition to the RFC 2253 encoding stuff that we have been discussing in a separated thread, and which has been summarized by Thomas, who has raised a proposal last week, I would like to remind an issue that I raised in

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0021.html

and that was commented by Ed in

http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0024.html

This issue deals with the fact that both RFC 2253 and RFC 4514 make it clear that the String representation using short names and string values for representing DNs may put problems when trying to identify without ambiguity the corresponding certificate...

Could we deal with this, once we have agreed on the encoding issue?

Regards
Juan Carlos.
Received on Monday, 18 June 2007 18:14:01 UTC
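
The reversibility problem discussed in this thread, as an added example that is not part of the original messages: two DER-encoded names whose only difference is the ASN.1 string type of the value (the TeletexString versus PrintableString case RFC 4514 Section 5.2 uses for "CN=Sam") collapse to the same string form, while the `#` hexadecimal form of RFC 4514 Section 2.4 round-trips. The helper names and the minimal DER builder are assumptions made for illustration; it handles only a single-RDN, single-AVA commonName with short lengths.

```python
# Added illustration (hypothetical helpers, constructed sample data).
CN_OID = bytes.fromhex("0603550403")   # DER encoding of OID 2.5.4.3 (commonName)
PRINTABLE, TELETEX = 0x13, 0x14        # ASN.1 universal tags for the two string types
VALUE_OFFSET = 6 + len(CN_OID)         # Name SEQ + SET + AVA SEQ headers, then the OID

def tlv(tag, body):
    """Encode one DER TLV; short-form length only (body < 128 bytes)."""
    if len(body) >= 128:
        raise ValueError("long-form lengths not handled in this sketch")
    return bytes([tag, len(body)]) + body

def der_dn(value, string_tag):
    """Build the DER of a Name with one RDN holding one commonName AVA."""
    ava = tlv(0x30, CN_OID + tlv(string_tag, value.encode("ascii")))
    return tlv(0x30, tlv(0x31, ava))

def to_string_form(dn):
    """Short-name string form: the string type tag of the value is discarded."""
    value_tlv = dn[VALUE_OFFSET:]
    return "CN=" + value_tlv[2:].decode("ascii")

def to_hex_form(dn):
    """Dotted-decimal type plus '#' and the hex of the value's full encoding."""
    return "2.5.4.3=#" + dn[VALUE_OFFSET:].hex()

def from_string_form(s, assumed_tag=PRINTABLE):
    """The string carries no type information, so the decoder has to guess one."""
    return der_dn(s.split("=", 1)[1], assumed_tag)

def from_hex_form(s):
    """Rebuild the Name around the exact value encoding carried in the hex form."""
    value_tlv = bytes.fromhex(s.split("=#", 1)[1])
    return tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + value_tlv)))

def roundtrip_report(dn):
    """Return (string form survives round trip, hex form survives round trip)."""
    return (from_string_form(to_string_form(dn)) == dn,
            from_hex_form(to_hex_form(dn)) == dn)

if __name__ == "__main__":
    for label, tag in (("PrintableString", PRINTABLE), ("TeletexString", TELETEX)):
        dn = der_dn("Sam", tag)
        print(label, dn.hex(), to_string_form(dn), to_hex_form(dn), roundtrip_report(dn))
```

A verifier that rebuilds the name from "CN=Sam" and compares bytes against the certificate will reject the TeletexString case even though the certificate is the right one, which is the false negative mentioned above.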