Re: Some strawman ideas for a minimum DSig profile

On 2008-08-21 14:56:38 -0400, Scott Cantor wrote:

>> Maybe but at least for Java applications, you've already got a
>> standard XML Signature API in all JREs. There's no standard
>> Java S/MIME API and there may never be.

> No, but it's much easier to implement a signature like that from scratch in
> Java and C++ than to implement even a tiny subset of XML Signature in
> languages that don't have it.

I'm not so sure of that.  Implementing a tightly constrained profile
of Signature turns out to be relatively easy (yes, I have done
that), except for the canonicalization portion of things.

In such a case, much of the complexity usually boils down to a
verification step that none of it is used.

Cheers,
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Thursday, 21 August 2008 19:34:54 UTC
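The "verification step that none of it is used" mentioned in the message above can be sketched as a pre-check that rejects any ds:Signature using features outside a fixed profile. This is an added example, not code from the thread or from any W3C profile; the allowed algorithm set, the forbidden-element list, and the names `profile_violations` and `sample` are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
# Assumed profile for illustration: one fixed algorithm per role, no optional features.
ALLOWED = {
    "CanonicalizationMethod": {C14N},
    "SignatureMethod": {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
    "DigestMethod": {"http://www.w3.org/2001/04/xmlenc#sha256"},
    "Transform": {"http://www.w3.org/2000/09/xmldsig#enveloped-signature", C14N},
}
FORBIDDEN = {"Object", "Manifest", "RetrievalMethod", "XPath", "HMACOutputLength"}

def profile_violations(signature_xml):
    """Return reasons the ds:Signature falls outside the assumed profile."""
    sig = ET.fromstring(signature_xml)
    if sig.tag != DS + "Signature":
        return ["root element is not ds:Signature"]
    problems = []
    refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
    if len(refs) != 1:
        problems.append(f"expected 1 Reference, found {len(refs)}")
    for ref in refs:
        uri = ref.get("URI")
        if uri is None or (uri != "" and not uri.startswith("#")):
            problems.append(f"Reference URI is not same-document: {uri!r}")
    for el in sig.iter():
        local = el.tag[len(DS):] if el.tag.startswith(DS) else None
        if local is None:
            problems.append(f"foreign element: {el.tag}")
        elif local in FORBIDDEN:
            problems.append(f"forbidden element: {local}")
        elif local in ALLOWED and el.get("Algorithm") not in ALLOWED[local]:
            problems.append(f"{local} not in profile: {el.get('Algorithm')}")
    return problems

def sample(transform_alg, uri="", extra=""):
    """Build a constructed ds:Signature; digest and signature values are placeholders."""
    return (f'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
            f'<CanonicalizationMethod Algorithm="{C14N}"/>'
            f'<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
            f'<Reference URI="{uri}"><Transforms><Transform Algorithm="{transform_alg}"/>'
            f'</Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
            f'<DigestValue>PLACEHOLDER</DigestValue></Reference></SignedInfo>'
            f'<SignatureValue>PLACEHOLDER</SignatureValue>{extra}</Signature>')

if __name__ == "__main__":
    print(profile_violations(sample("http://www.w3.org/TR/1999/REC-xslt-19991116", extra="<Object/>")))
```

The check covers profile conformance only and is meant to run before canonicalization, digest comparison and signature validation, so that unsupported constructs are refused rather than processed.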