- From: Ko Fujimura <fujimura@isl.ntt.co.jp>
- Date: Wed, 21 Apr 1999 12:01:05 +0900
- To: rdbrown@globeset.com
- Cc: w3c-xml-sig-ws@w3.org
At Tue, 20 Apr 1999 18:52:25 -0500, Richard D. Brown <rdbrown@globeset.com> wrote: > > I certainly do not refute X509 or PKIX. I refute PKCS#7 for encoding the > signature value. PKCS#7 does not address the issues that you have listed - > PKIX and X509 do (to some extent). Also, recall that there are frameworks > that do not even make use of digital certificates - These, for sure, do not > really care about PKIX and X509... I agree. Our digital ticket system is the application which do not require PKIX and X509 ... I believe that there are many other applications which do not require any PK certificates. Because, a PK certificate is a document which binds a PK and identity, but identity is not required for all application. Of course, if an application requires X509 or PKIX certificates, then the verification system must interprets the ASN.1/DER blob. But it is an option, I believe. I also think that a PK certificate can be/should be a "normal" singed XML document which describes an assertion on the PK for the application. Regards, Ko o---------------------------------------------------------o o Ko Fujimura Email: fujimura@isl.ntt.co.jp o o---------------------------------------------------------o o NTT Information Sharing Platform Labs, Security Project o o 1-1 Hikarinooka, Yokosuka-shi, Kanagawa 239-0847, JAPAN o o Tel: +81-(0)468-59-3814 Fax: +81-(0)468-59-8329 o o---------------------------------------------------------o
Received on Tuesday, 20 April 1999 23:01:12 UTC