RE: XML interface with URIs

> 1 - What do people refer to by CMS? CMS as specified by PKIX or
> PKCS#7 from RSA.

CMS is the IETF interpretation of PKCS#7. At this point CMS is the
standard to reference.

> 2 - CMS implementations usually require the certificate-chain to be either
> referred to or passed as an argument. What is the impact on XML-DSIG
> implementation? Other crypto-algorithms require only the private-key.

I think as far as 'blobism' goes it is the detached signature blob which
is of interest - everything within the signature envelope.

PKI implementations require a certificate chain to authenticate a
signed object, at least according to PKI as we know it. Whether the
certificates are sent with the message or retrieved from a server
or directory, there is a need to authenticate public keys in some
manner.

I don't know of any PKI, including PGP, which does not have such
a constraint. Certainly certificate chain transport is something
the XML spec has to address. It is not something which I would
want to insist on CMS to achieve however. Signature blobs stripped
of the cert chain achieve the backwards compatibility we need.

> Also, we can make sure that the specification provides for CMS without
> making CMS mandatory. Actually, I would certainly vote against such a
> proposition.

Votes? What votes?


		Phill

Received on Tuesday, 27 April 1999 13:00:45 UTC