- From: tog <todd.glassey@www.meridianus.com>
- Date: Thu, 29 Jul 1999 07:55:19 -0700
- To: <rdbrown@Globeset.com>, "'Todd S. Glassey'" <Todd.Glassey@www.meridianus.com>, "'Richard Himes'" <rhimes@nmcourt.fed.us>, <w3c-ietf-xmldsig@w3.org>
- Cc: "'IETF/W3C XML-DSig WG'" <w3c-ietf-xmldsig@w3.org>
No, but it is totally reasonable to expect that if I can carry a particular type of object that I can do more than treat it like its an object ----- Original Message ----- From: Richard D. Brown <rdbrown@Globeset.com> To: 'Todd S. Glassey' <Todd.Glassey@www.meridianus.com>; 'Richard Himes' <rhimes@nmcourt.fed.us>; <w3c-ietf-xmldsig@w3.org> Cc: 'IETF/W3C XML-DSig WG' <w3c-ietf-xmldsig@w3.org> Sent: Wednesday, July 28, 1999 4:51 PM Subject: RE: importing terminology in "XML-Signature Requirements" > Todd, > > > How will you address digitally signed PDF files that were > > signed by any of > > the commercially available signing engines, Adobe's, > > Verisign's or either of > > the other two commercial ones included on the Acrobat4 > > Distribution Kit CD. > > > > I will not (from a XMLDSIG perspective at least) and this would be the same > for any signing engine that does not comply with XMLDSIG specification (e.g. > PKCS#7, CMS...). Then my feeling is that this may be the mindset that dooms XML DigSig technology to be "yet another 'we have to support it' PKI exercises". >You cannot expect that different signature syntaxes be > interoperable. Actually this is exactly what I expect, and so does the industry I would venture to guess. 300 different PKI technologies that don't interoperate is more than absurd, its blatently incompetent... Its abusive of the marketplace and really does the advancement of the trust that PKI provides no service that I can see. > > Richard D. Brown > Like I have been saying. If you want to use XML for more than document forms, like as a transaction transport or modeling language, then some things could maybe be differently... if not, then rock on. Todd
Received on Thursday, 29 July 1999 10:41:26 UTC