- From: <stef.hoeben@utimaco.be>
- Date: Tue, 26 Feb 2002 15:31:17 +0100
- To: www-xkms@w3.org
Hello Stephen,

(you mean implementation instead of specification?)

An XML 'parser' to do only an XKMS Validate can be very small (I guess 5 K of Java code could be enough). XML DSIG will already be a lot heavier, even if you would limit it to e.g. a SHA1withRSA enveloped signature and the simplest canonicalization.

But do you need XML signature? It's not required for XKMS if you have sufficient transport-level security (e.g. a WTLS connection to the XKMS service, ...).

Cheers,
Stef

> Ed,
>
> On the first issue - have we any examples of a constrained-xmldsig
> specification?
>
> Stephen.
>
> Ed Simon wrote:
> >
> > Alex wrote
> > > 1) Because it's not possible (and perhaps impossible) to support a general
> > > purpose XML parser and more importantly a full XML dsig implementation on
> > > constrained devices, it would be necessary to create a dsig profile for XKMS
> > > messaging. For example, is full XPath support necessary?
> >
> > Individual protocols can certainly decide not to use XPath or other features
> > of XML Signature; indeed the XML Signature schema specifically allows great
> > flexibility in subclassing. However, all protocols, no matter how they
> > subclass XML Signature, must however ensure they are using XML Signature in
> > a secure and sufficiently interoperable manner.
> >
> > I'm interested in the question about determining what degree of XML
> > processing will be available on "constrained" devices. I'm not
> > knowledgeable enough in this area but it seems to me that there are so many
> > XML technologies that will be desired on such devices (eg. SVG, Web
> > services,...) that it would make sense (even in a constrained environment)
> > to have a reasonably adequate level of generic XML processing available.
> >
> > > 2) The size of a signed XKMS message is too large, leading to bandwidth
> > > issues. For example, a typical signed XKMS Validate response can run about
> > > 2.5K. On some networks this would cost the user between 7 and 10 cents!
> > > (Data from a major European operator) This seems to have been the major
> > > issue with the vendors and caused them to stick to their smaller proprietary
> > > structures and to consider ASN.1 based protocols such as OCSP for validation
> > > instead of going with XKMS.
> >
> > Again, I'm no expert in wireless but 4 cents per kilobyte sounds strange to
> > me as a design parameter. I thought 3G wireless was good for say, at least
> > 10 kB/second. Does that mean on 3G, I'd be spending 40 cents/second,
> > $24/minute!, on a 3G network!!!
> >
> > Ed
>
> --
> ____________________________________________________________
> Stephen Farrell
> Baltimore Technologies,   tel: (direct line) +353 1 881 6716
> 39 Parkgate Street,                     fax: +353 1 881 7000
> Dublin 8.                mailto:stephen.farrell@baltimore.ie
> Ireland                             http://www.baltimore.com

Received on Tuesday, 26 February 2002 09:36:49 UTC