- From: Brian LaMacchia <bal@microsoft.com>
- Date: Mon, 26 Mar 2001 19:28:12 -0800
- To: "Joseph M. Reagle Jr." <reagle@w3.org>, <Noah_Mendelsohn@lotus.com>
- Cc: <w3c-ietf-xmldsig@w3.org>, <xmlschema-dev@w3.org>, <xmlschema-dev-request@w3.org>
CryptoBinary and base64Binary are not exactly equivalent -- there are further restrictions on a CryptoBinary because it is a representation of a single bignum. From the latest DSIG draft, section 6.4, is this implicit definition of the CryptoBinary format: Arbitrary-length integers (e.g. "bignums") are represented in XML as octet strings. The integer value is first converted to a "big endian" bitstring. The bitstring is then padded with leading zero bits so that the total number of bits == 0 mod 8 (so that there are an integral number of octets). If the bitstring contains entire leading octets that are zero, these are removed (so the high-order octet is always non-zero). This octet string is then base64 [MIME] encoded. (The conversion from integer to octet string is equivalent to IEEE 1363's I2OSP [1363] with minimal length). There's no difference in the schema definition, at least as it is today, but there is a semantic difference. --bal -----Original Message----- From: Joseph M. Reagle Jr. [mailto:reagle@w3.org] Sent: Monday, March 26, 2001 3:12 PM To: Noah_Mendelsohn@lotus.com Cc: w3c-ietf-xmldsig@w3.org; xmlschema-dev@w3.org; xmlschema-dev-request@w3.org Subject: Re: What to do with CryptoBinary? At 17:54 3/26/2001 -0500, Noah_Mendelsohn@lotus.com wrote: >I don't claim to be an expert on the digital signatures specification, Thanks for your response Noah. I should've provided a reference, but there is really nothing more to CryptoBinary than the schema definition. >http://www.w3.org/TR/2000/CR-xmldsig-core-20001031/#sec-CoreSyntax > <simpleType name="CryptoBinary"> > <restriction base="binary"> > <encoding value="base64"/> > </restriction> > </simpleType> >my quick reading of it suggests that CryptoBinary is not just any base64 >binary It is that simple. It's used as the type for SignatureValue, DigestValue, X509SKI, X509Certificate, X509CRL, PGPKeyPacket, and all the DSA/RSA parameters. Consequently, it has to be generic, and given we decided to go base64 in xmldsig, it made sense to simplify things and just create a type for it. >By specifically naming the >digital signature type, you will allow behaviors to be applied to any >information specifically coded in that manner. The fact that the XML >schema validation mechanisms provided no additional direct checking is >unimportant, I think. Even given what I said above, I'd be willing to take this as an argument not to eliminate it -- that's the direction I'm leaning towards anyways <smile/>. __ Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Monday, 26 March 2001 23:16:15 UTC