- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Mon, 26 Apr 1999 13:01:55 -0400
- To: <rdbrown@GlobeSet.com>, "'Bede McCall'" <bede@mitre.org>, <w3c-xml-sig-ws@w3.org>
> 1 - What do people refer to by CMS? CMS as specified by PKIX or
> PKCS#7 from RSA.

CMS is the IETF interpretation of PKCS#7. At this point CMS is the standard to reference.

> 2 - CMS implementations usually require the certificate-chain to be either
> referred to or passed as an argument. What is the impact on XML-DSIG
> implementation? Other crypto-algorithms require only the private-key.

I think as far as 'blobism' goes it is the detached signature blob which is of interest - everything within the signature envelope.

PKI implementations require a certificate chain to authenticate a signed object, at least according to PKI as we know it. Whether the certificates are sent with the message, retrieved from a server or directory, there is a need to authenticate public keys in some manner. I don't know of any PKI, including PGP, which does not have such a constraint.

Certainly certificate chain transport is something the XML spec has to address. It is not something which I would want to insist on CMS to achieve, however. Signature blobs stripped of the cert chain achieve the backwards compatibility we need.

> Also, we can make sure that the specification provides for CMS without
> making CMS mandatory. Actually, I would certainly vote against such a
> proposition.

Votes? What votes?

Phill
Received on Tuesday, 27 April 1999 13:00:45 UTC