   Re: [xml-dev] Rich & Elliotte were right, I was wrong


Rich Salz wrote:

>Dennis Sosnoski wrote:
>>This suggests to me that XML DSig is basically a questionable idea. Why 
>>the obsession with text? It seems like doing this at the Infoset level 
>>would be much simpler (and much more efficient).
>(XML DSIG and XML-Encryption are based on the XPath 1.0 model.)
>Cryptography works on bytes.  Since there is no standard serialization 
>for an Infoset, and since you can create infosets that are 
>unserializable, you cannot build cryptographic functions such as 
>signature and encryption without first solving those problems.

Well, on the bright side I guess the extreme overhead of basing DSIG and 
Encryption on XPath rather than some standardized serialization of the 
Infoset means there's a growing market for appliances to take over the 
processing... but I guess you already know that. :-)

>Or, you can say that the fact that security relies on bytes means that 
>the whole infoset approach will fail because security is more important 
>than an abstract information model. :)

I'd suspect that any reasonable implementation of c14n is actually 
working at a level equivalent to the Infoset internally, anyway - it 
just serializes the Infoset out following the special rules for c14n 
XML. Is there any other way of handling c14n that's not equivalent to this?

  - Dennis
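
The point argued in this message, that digests are computed over bytes and that c14n amounts to parsing into a model and re-serializing it under fixed rules, shown as an added example that is not part of the original post. It assumes Python's standard `xml.etree.ElementTree.canonicalize`, which implements C14N 2.0 rather than the XPath 1.0-based canonicalization XML DSig specifies; the documents and function names are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample documents (not from the thread).
# DOC_A and DOC_B carry the same information but differ byte-for-byte:
# XML declaration, attribute order, quote style, whitespace inside the
# start tag, and empty-element syntax.
DOC_A = ('<order xmlns="urn:example:po" id="42" currency="EUR">'
         '<item sku="A1"/></order>')
DOC_B = ('<?xml version="1.0"?>'
         "<order currency='EUR'   id='42' xmlns='urn:example:po'>"
         "<item sku='A1'></item></order>")
# DOC_C differs in actual content (a changed attribute value).
DOC_C = DOC_A.replace('id="42"', 'id="43"')


def raw_digest(xml_text: str) -> bytes:
    """Digest of the serialization exactly as received."""
    return hashlib.sha256(xml_text.encode("utf-8")).digest()


def c14n_digest(xml_text: str) -> bytes:
    """Parse, re-serialize in canonical form, then digest those bytes."""
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def same_content(a: str, b: str) -> bool:
    """Compare canonical digests in constant time, as a verifier would."""
    return hmac.compare_digest(c14n_digest(a), c14n_digest(b))


if __name__ == "__main__":
    print("raw digests equal (A, B):  ", raw_digest(DOC_A) == raw_digest(DOC_B))
    print("c14n digests equal (A, B): ", same_content(DOC_A, DOC_B))
    print("c14n digests equal (A, C): ", same_content(DOC_A, DOC_C))
    print("canonical form of B:", ET.canonicalize(DOC_B))
```
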



Copyright 2001 XML.org. This site is hosted by OASIS