- From: Thomas Roessler <tlr@w3.org>
- Date: Thu, 21 Aug 2008 21:34:17 +0200
- To: Scott Cantor <cantor.2@osu.edu>
- Cc: 'Sean Mullan' <Sean.Mullan@Sun.COM>, 'Kelvin Yiu' <kelviny@exchange.microsoft.com>, public-xmlsec@w3.org
On 2008-08-21 14:56:38 -0400, Scott Cantor wrote: >> Maybe but at least for Java applications, you've already got a >> standard XML Signature API in all JREs. There's no standard >> Java S/MIME API and there may never be. > No, but it's much easier to implement a signature like that from scratch in > Java and C++ than to implement even a tiny subset of XML Signature in > languages that don't have it. I'm not so sure of that. Implementing a tightly constrained profile of Signature turns out to be relatively easy (yes, I have done that), except for the canonicalization portion of things. In such a case, much of the complexity usually boils down to a verification step that none of it is used. Cheers, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Thursday, 21 August 2008 19:34:54 UTC