- From: Phillip hallam-Baker <pbaker@verisign.com>
- Date: Wed, 7 Apr 1999 09:26:26 -0700
- To: <rdbrown@globeset.com>, "'Joseph M. Reagle Jr. (W3C)'" <reagle@w3.org>, "'Signed-XML Workshop'" <w3c-xml-sig-ws@w3.org>
- Cc: <xml-dsig@globeset.com>
>So, I suggest that we extend the mission statement of this activity beyond
>Signature and that we also provide for Authentication Codes (already
>considered in Digital Signature for XML Proposal) and Confidentiality
>envelopes (encryption).
I disagree, a signature is logically an attribute related to the document,
something which once created may be considered a part of the document+
attributes package.
Confidentiality is a service which may be achieved in many ways,
including IPSEC and SSL. Non-repudiation is a service which can
only be realistically provided at the message layer, that is the
piece which transport and network layer security really can't
provide.
The only advantage to implementing message layer confidentiality
services is if you need to relay messages through caches or other
relay devices (mail servers) and want to preserve the end to end
properties. PKCS#7 more than adequately addresses that need.
Phill
Received on Wednesday, 7 April 1999 12:26:11 UTC