- From: Ed Simon <edsimon@xmlsec.com>
- Date: Wed, 27 Feb 2002 10:06:30 -0500
- To: <www-xkms@w3.org>
I can't think of any constrained-xmldsig specifications offhand. After all, XML Signature only became a Recommendation last week. That said, there are a number of potential XML Signature processing optimizations that could be implemented, they would need to be selected according to the specific needs of the system in mind. Let me emphasize that these wouldn't be optimizations to the XML Signature spec but reasonable constraints on the data being signed and optimized code written particularly for those constraints. So the first thing to do is to get a firm understanding of XKMS use in mobile devices and smart cards including what constraints can be placed on the XKMS , then identify the potential optimization possibilities, and then finally, write some specialized code to see if it the results are what were hoped for. Though the topic is specifically interesting to me, I can't commit to anything major on it until I've confirmed I've got the resources necessary for it. Regards, Ed ----- Original Message ----- From: "Stephen Farrell" <stephen.farrell@baltimore.ie> To: "Ed Simon" <edsimon@xmlsec.com> Cc: <www-xkms@w3.org> Sent: Tuesday, February 26, 2002 8:08 AM Subject: Re: WAP issues with XKMS [was RE: Mobile XKMS clients] > > Ed, > > On the first issue - have we any examples of a constrained-xmldisg > specification? > > Stephen. > > Ed Simon wrote: > > > > Alex wrote > > > 1) Because its not possible (and perhaps impossible) to support a general > > > purpose XML parser and more importantly a full XML dsig implementation on > > > constrained devices, it would be necessary to create a dsig profile for > > XKMS > > > messaging. For example, is full XPath support necessary? > > > > Individual protocols can certainly decide not to use XPath or other features > > of XML Signature; indeed the XML Signature schema specifically allows great > > flexibility in subclassing. However, all protocols, no matter how they > > subclass XML Signature, must however ensure they are using XML Signature in > > a secure and sufficiently interoperable manner. > > > > I'm interested in the question about determining what degree of XML > > processing will be available on "constrained" devices. I'm not > > knowledgeable enough in this area but it seems to me that there are so many > > XML technologies that will be desired on such devices (eg. SVG, Web > > services,...) that it would make sense (even in a constrained environment) > > to have a reasonably adequate level of generic XML processing available. > > > > > 2) The size of a signed XKMS message is to large, leading to bandwidth > > > issues. For example, a typical signed XKMS Validate response can run > > about > > > 2.5K. On some networks this would cost the user between 7 and 10 cents! > > > (Data from a major European operator) This seems to have been the major > > > issue with the vendors and caused them to stick to their smaller > > proprietary > > > structures and to consider ASN.1 based protocols such as OCSP for > > validation > > > instead of going with XKMS. > > > > Again, I'm no expert in wireless but 4cents per kilobyte sounds strange to > > me as a design parameter. I thought 3G wireless was good for say, at least > > 10 kB/second. Does that mean on 3G, I'd be spending 40 cents/second, > > $24/minute!, on a 3G network!!! > > > > Ed > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com >
Received on Wednesday, 27 February 2002 10:05:50 UTC