Re: newbie Question about PKCS#7 from Tom Gindin on 2002-05-16 (w3c-ietf-xmldsig@w3.org from April to June 2002)

From: Tom Gindin <tgindin@us.ibm.com>
Date: Thu, 16 May 2002 10:16:41 -0400
To: "Ed Simon" <edsimon@xmlsec.com>
Cc: "Roman Huditsch" <roman.huditsch@hico.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <OFB9F49BFB.64CF071C-ON85256BBB.004D9A14@pok.ibm.com>

      I don't think that XML Signature is a replacement for PKCS#7/CMS.  It
is an alternative which permits the signing of XML rather than of binary
with a leaning towards ASN.1.  However, one possibly productive issue is
brought up by this thread.  Is it reasonable to have a standard transform
of "binary" available, analogous to the existing "base64" transform?  An
Reference containing an FTP URI can perfectly well point to a binary file
on the physical internet, which has not been encoded in base 64.

            Tom Gindin


"Ed Simon" <edsimon@xmlsec.com>@w3.org on 05/16/2002 08:23:36 AM

Sent by:    w3c-ietf-xmldsig-request@w3.org


To:    "Roman Huditsch" <roman.huditsch@hico.com>,
       <w3c-ietf-xmldsig@w3.org>
cc:
Subject:    Re: newbie Question about PKCS#7


I think the first question to be pondered is NOT "How?" but "Why?".

You can of course use XML Signature to sign a PKCS#7 blob just like you can
any other blob.  But I think the implication of your email is that you are
looking for some standard specified way of combining PKCS#7 and XML
Signature.  There isn't any.  Generally, XML Signature should be seen as
the new way of doing digital signatures.

It may make sense to port existing PKCS#7-based applications to XML
Signature, but I doubt there would be any value trying to have a single
digital signature be a hybrid of both XML Signature and PKCS#7.

Ed
 ----- Original Message -----
 From: Roman Huditsch
 To: w3c-ietf-xmldsig@w3.org
 Sent: Wednesday, May 15, 2002 9:13 AM
 Subject: newbie Question about PKCS#7

 I'm very new to the topic of XML Signature and I have therefore a rather
 simple question, which I couldn' solve myself by reading the spec. I
 wanted to look, if this topic was already discussed in your list, but the
 mailing-list archiev was down.
 What I want to know is: How can I include the PKCS#7 Standard in an XML
 Signature? Do I have to use the http://www.w3.org/2000/09/xmldsig#rsa-sha1
 URI?

 wbr,
 Roman Huditsch

Received on Thursday, 16 May 2002 10:17:41 UTC