RE: Additional issue on RFC 2253 usage in relation with XMLSig: On the capability of the RFC2253 "CN=Sam" encoding form for identifying a Certificate.

Yes, I think reversibility is an issue and I agree with Sean's comments
(which you seem to have attributed to me). Given the potential for
non-reversibility to result in false negatives or inoperable applications, I
agree that XMLSig DName encoding rules should address the last paragraph of
Section 5.2 in RFC 4514:
http://tools.ietf.org/html/rfc4514

In retrospect, from a standards management perspective, I wonder if it would
not be better to separate the <KeyInfo> element from the auspices of XML
Signature given that it has broad implications beyond XML Signature (e.g.
XML Encryption, XKMS, WS-I Basic Security Profile, etc.).

Ed
_____________________________
Ed Simon <edsimon@xmlsec.com>
Principal, XMLsec Inc. 
(613) 726-9645 

-----Original Message-----
From: public-xmlsec-maintwg-request@w3.org
[mailto:public-xmlsec-maintwg-request@w3.org] On Behalf Of Juan Carlos
Cruellas
Sent: June 18, 2007 11:57
To: public-xmlsec-maintwg@w3.org
Subject: Additional issue on RFC 2253 usage in relation with XMLSig: On the
capability of the RFC2253 "CN=Sam" encoding form for identifying a
Certificate.


Dear all,

I understood in our last conference call that Frederick suggested
summarizing the issues related to the RFC 2253 stuff within XMLSig.

In addition to the RFC 2253 encoding stuff that we have been discussing in a
separate thread, and which has been summarized by Thomas, who raised a
proposal last week, I would like to remind you of an issue that I raised in
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0021.html

and that was commented on by Ed in
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jun/0024.html

This issue deals with the fact that both RFC 2253 and RFC 4514 make it clear
that the String representation using short names and string values for
representing DNs may pose problems when trying to identify without
ambiguity the corresponding certificate...

Could we deal with this, once we have agreed on the encoding issue?

Regards

Juan Carlos.

Received on Monday, 18 June 2007 18:14:01 UTC
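
The reversibility problem discussed in this thread, as an added example that is not part of the original messages: two constructed DER encodings of a one-RDN name differ only in the ASN.1 string type of the value, yet both yield the string form "CN=Sam", while the '#' hexadecimal form keeps them distinct and can be turned back into the exact value encoding. The helper names and the single-RDN, short-length layout are assumptions made for illustration.

```python
# Added example with constructed inputs; standard library only.
CN_OID = bytes.fromhex("0603550403")   # DER encoding of OID 2.5.4.3 (commonName)
PRINTABLE_STRING, UTF8_STRING = 0x13, 0x0C  # ASN.1 universal tags

def tlv(tag, body):
    """DER tag-length-value; short-form length is enough for this example."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def encode_name(cn, string_tag):
    """DER Name with one RDN: SEQUENCE { SET { SEQUENCE { OID, value } } }."""
    value = tlv(string_tag, cn.encode("utf-8"))
    return tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + value)))

def body_of(der, expected_tag):
    """Return the content octets of a short-form TLV after checking its tag."""
    assert der[0] == expected_tag and der[1] == len(der) - 2
    return der[2:]

def attribute_value(name_der):
    """Raw DER TLV of the attribute value in a single-RDN commonName DN."""
    atv = body_of(body_of(body_of(name_der, 0x30), 0x31), 0x30)
    assert atv.startswith(CN_OID)
    return atv[len(CN_OID):]

def string_form(name_der):
    """Short name plus string value; the ASN.1 string type is dropped.
    Assumption: the value needs no RFC 4514 escaping (true for "Sam")."""
    return "CN=" + attribute_value(name_der)[2:].decode("utf-8")

def hex_form(name_der):
    """Dotted-decimal type plus '#' and the hex of the value's encoding."""
    return "2.5.4.3=#" + attribute_value(name_der).hex()

def value_from_hex_form(dn):
    """Recover the exact value encoding from the '#' form."""
    return bytes.fromhex(dn.split("=#", 1)[1])

printable = encode_name("Sam", PRINTABLE_STRING)
utf8 = encode_name("Sam", UTF8_STRING)

if __name__ == "__main__":
    for der in (printable, utf8):
        print(der.hex(), string_form(der), hex_form(der))
```

A verifier that re-encodes "CN=Sam" and compares bytes against a certificate's issuer field has to guess the string type, which is where the false negatives mentioned above come from.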