RE: Proposed Draft Chart and Officer Nominations from Richard D. Brown on 1999-04-07 (w3c-xml-sig-ws@w3.org from April 1999)

From: Richard D. Brown <rdbrown@GlobeSet.com>
Date: Wed, 7 Apr 1999 16:11:50 -0500
To: "'Phillip hallam-Baker'" <pbaker@verisign.com>, "'Joseph M. Reagle Jr. (W3C)'" <reagle@w3.org>, "'Signed-XML Workshop'" <w3c-xml-sig-ws@w3.org>
Cc: <xml-dsig@GlobeSet.com>
Message-ID: <002001be813b$420749a0$0bc0010a@artemis.globeset.com>

Phill,

Sorry, but I do not get your point (document attribute vs. service). I have
simply suggested that we further define an XML-based syntax for packaging
encrypted content (among others). Sure, PKCS#7 can serve the purpose - this
was my point in the first place. But PKCS#7 is ASN1-based and I am looking
forward an XML solution. The fact that a Signature is in fact a logical
attribute of the document while Confidentiality and Non-repudiation are
(from your view point) services have nothing to do with this. I am certainly
aware that they can be provided by other means. My point is that there is no
XML-based standard for enveloping encrypted content (at whatever iso or
non-iso layer). So far, security services have been considered at large, and
standards such as PKCS#7 and CMS propose syntaxes for both authentication
and confidentiality.

Sincerely,

Richard D. Brown


> -----Original Message-----
> From: Phillip hallam-Baker [mailto:pbaker@verisign.com]
> Sent: Wednesday, April 07, 1999 11:26 AM
> To: rdbrown@GlobeSet.com; 'Joseph M. Reagle Jr. (W3C)'; 'Signed-XML
> Workshop'
> Cc: xml-dsig@GlobeSet.com
> Subject: Re: Proposed Draft Chart and Officer Nominations
>
>
>
> >So, I suggest that we extend the mission statement of this
> activity beyond
> >Signature and that we also provide for Authentication Codes (already
> >considered in Digital Signature for XML Proposal) and Confidentiality
> >envelopes (encryption).
>
>
> I disagree, a signature is logically an attribute related to
> the document,
> something which once created may be considered a part of the document+
> attributes package.
>
> Confidentiality is a service which may be achieved in many ways,
> including IPSEC and SSL. Non-repudiation is a service which can
> only be realistically provided at the message layer, that is the
> piece which transport and network layer security really can't
> provide.
>
>
> The only advantage to implementing message layer confidentiality
> services is if you need to relay messages through caches or other
> relay devices (mail servers) and want to preserve the end to end
> properties. PKCS#7 more than adequately addresses that need.
>
>         Phill
>

Received on Wednesday, 7 April 1999 17:11:19 UTC