- From: Greg Whitehead <gwhitehead@signio.com>
- Date: Mon, 1 Nov 1999 10:33:27 -0800
- To: w3c-ietf-xmldsig@w3.org
I realize that most people are interested in a pure XML approach to digital signatures, and I fully support that. At the same time, there may be applications where PKCS-7 support is already present and certain efficiencies are gained by using it in the XML world rather than re-inventing the key management support that it provides.

Before you flame me (;-)), I am not proposing any changes to the core specification. I'm simply offering the following thoughts on how PKCS-7 (or CMS) could be supported within the framework of the core specification. We may use something like this ourselves (internally), especially for digital envelopes, and I'd be willing to write it up as an ancillary specification if anyone else is interested.

NOTE: The PKCS-7 algorithm urns used below are bogus. Any thoughts on what they should be?

-Greg

1) Signatures

The (current) signature structure is as follows:

    <Signature>
      <SignedInfo>
        (CanonicalizationMethod)
        (SignatureMethod)
        (ObjectReference)+
      </SignedInfo>
      (SignatureValue)
      (KeyInfo)?
      (Object)*
    </Signature>

For a PKCS-7 signature, we propose the following SignatureMethod:

    <SignatureMethod Algorithm="urn:xxx:pkcs-7"/>

We don't need a KeyInfo element, since key management is handled within the binary pkcs-7 signature value.

2) Envelopes

We propose the following syntax for an envelope:

    <Envelope>
      <EnvelopeMethod Algorithm="urn:xxx:pkcs-7"/>
      <EnvelopeValue>...base64...</EnvelopeValue>
    </Envelope>

This should provide enough flexibility to "drill down" to the crypto algorithm level, as has been done for digital signatures, but we don't plan to do that work in the short term. As with PKCS-7 signatures, key management is handled within the binary PKCS-7 envelope value.

-Greg

--
Greg Whitehead
Chief Scientist
Signio, Inc.
1600 Bridge Parkway, Suite 201
Redwood City, CA 94065
650-622-2250
650-622-2201 (fax)
gwhitehead@signio.com
http://www.signio.com
Received on Monday, 1 November 1999 13:33:50 UTC
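As an added illustration (not from the message above or from the working group), the following Python sketch checks the proposed Signature structure and, when the SignatureMethod carries the PKCS-7 URN and therefore no KeyInfo, confirms that the base64 SignatureValue at least decodes to a DER signedData ContentInfo before a verifier hands it to a PKCS-7 library. The canonicalization URN, the reference URI and the sample blob are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

PKCS7_URN = "urn:xxx:pkcs-7"  # URN exactly as in the proposal (called bogus there)
# DER encoding of the PKCS#7 signedData content-type OID 1.2.840.113549.1.7.2.
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
# Constructed ContentInfo-shaped stand-in: SEQUENCE { OID signedData, [0] opaque }; not a real signature.
FAKE_CONTENT_INFO = b"\x30\x10" + SIGNED_DATA_OID + b"\xa0\x03\x30\x01\x00"
GOOD_B64 = base64.b64encode(FAKE_CONTENT_INFO).decode()
# Proposed Signature element; the c14n URN and the URI are placeholders.
SAMPLE = ("<Signature><SignedInfo><CanonicalizationMethod Algorithm='urn:example:c14n'/>"
          f"<SignatureMethod Algorithm='{PKCS7_URN}'/><ObjectReference URI='#doc'/>"
          f"</SignedInfo><SignatureValue>{GOOD_B64}</SignatureValue></Signature>")

def der_sequence_body(blob):
    """Body of a single DER SEQUENCE that spans the whole blob, else None."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    first = blob[1]
    if first < 0x80:                      # short-form length
        hdr, length = 2, first
    else:                                 # long-form length, 1-4 length bytes
        n = first & 0x7F
        if not 1 <= n <= 4 or len(blob) < 2 + n:
            return None
        hdr, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    return blob[hdr:] if hdr + length == len(blob) else None

def check_signature(xml_text):
    """Structural checks on the proposed <Signature>; returns a list of findings."""
    root = ET.fromstring(xml_text)
    info = root.find("SignedInfo")
    if info is None:
        return ["missing SignedInfo"]
    findings = [f"missing {tag}" for tag in ("CanonicalizationMethod", "SignatureMethod")
                if info.find(tag) is None]
    if not info.findall("ObjectReference"):
        findings.append("SignedInfo needs at least one ObjectReference")
    method = info.find("SignatureMethod")
    if method is not None and method.get("Algorithm") == PKCS7_URN:
        # No KeyInfo is expected here: certificates travel inside the blob, so
        # at minimum confirm it is a signedData ContentInfo before using it.
        try:
            blob = base64.b64decode(root.findtext("SignatureValue", ""), validate=True)
        except ValueError:                # binascii.Error is a ValueError
            blob = b""
        body = der_sequence_body(blob)
        if body is None or not body.startswith(SIGNED_DATA_OID):
            findings.append("SignatureValue is not a PKCS-7 signedData ContentInfo")
    return findings
```

A real verifier would hand the decoded blob to a PKCS-7/CMS implementation for certificate path building and signature verification; this sketch only rejects values that cannot possibly be such a structure.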