- From: Scott Cantor <cantor.2@osu.edu>
- Date: Thu, 21 Aug 2008 14:56:38 -0400
- To: "'Sean Mullan'" <Sean.Mullan@Sun.COM>
- Cc: "'Kelvin Yiu'" <kelviny@exchange.microsoft.com>, <public-xmlsec@w3.org>
> Maybe but at least for Java applications, you've already got a standard > XML Signature API in all JREs. There's no standard Java S/MIME API and > there may never be. No, but it's much easier to implement a signature like that from scratch in Java and C++ than to implement even a tiny subset of XML Signature in languages that don't have it. > Even if we end up just using the XML Signature > structure as a container for the digests and signature and not much > else, I think it still may be a win. That at least is implementable, if no c14n is involved. But my general sense, despite my own earlier comments to the contrary, is that it's time to look at specs like S/MIME that already exist and don't have the complexity of XML. If I'm trying to submit a signed XML document over HTTP, for example, why would S/MIME not be the obvious thing to use? -- Scott
Received on Thursday, 21 August 2008 18:57:23 UTC