OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Rich & Elliotte were right, I was wrong

[ Lists Home | Date Index | Thread Index ]

Dennis Sosnoski wrote:
> This suggests to me that XML DSig is basically a questionable idea. Why 
> the obsession with text? It seems like doing this at the Infoset level 
> would be much simpler (and much more efficient).

(XML DSIG and XML-Encryption are based on the XPath 1.0 model.)

Cryptography works on bytes.  Since there is no standard serialization 
for an Infoset, and since you can create infosets that are 
unserializable, you cannot build cryptographic functions such as 
signature and encryption without first solving those problems.

Or, you can say that the fact that security relies on bytes means that 
the whole infoset approach will fail because security is more important 
than an abstract information model. :)


Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS