- From: Rich Salz <rsalz@datapower.com>
- Date: Wed, 11 Feb 2004 19:16:48 -0500 (EST)
- To: Mark Baker <distobj@acm.org>
- Cc: "www-xkms@w3.org" <www-xkms@w3.org>

> URIs aren't used for important resources

Such as? Most of the resources -- policy, etc., -- must be covered by
a signature. There's no way to sign an HTTP protocol element.

> nor is HTTP GET used for
> retrieving data. Are you familiar at all with the TAG's work, where
> they have, for example, recommended that GET be used whenever you're
> "asking a question", or "performing a query"[1]?

Please show how you could "pluck out" a dsig:KeyInfo element,
and encode it into a URL in such a way that it stands a chance
of working? If, for example, I am asking about the validity of
a certificate where the key is 1K, then the query string will be
at least (cert at least 200 bytes, plus 1K subject key + 1K CA
signature)*4/3 for base64, and you get a URL that is roughly 3000
bytes long.

Perhaps the TAG needs to consider GET with body-content.

> It seems that XKMS is a "Web services" effort, which is ok in that Web
> services are happening, in part, at the W3C. But they also have some
> serious architectural problems in their current form, and XKMS* seems to
> have embraced many of their worst practices ... at least IMHO.

Thanks for sharing.

/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 11 February 2004 19:17:09 UTC