Rich Salz wrote:
>Dennis Sosnoski wrote:
>>This suggests to me that XML DSig is basically a questionable idea. Why
>>the obsession with text? It seems like doing this at the Infoset level
>>would be much simpler (and much more efficient).
>(XML DSIG and XML-Encryption are based on the XPath 1.0 model.)
>Cryptography works on bytes. Since there is no standard serialization
>for an Infoset, and since you can create infosets that are
>unserializable, you cannot build cryptographic functions such as
>signature and encryption without first solving those problems.
Well, on the bright side I guess the extreme overhead of basing DSIG and
Encryption on XPath rather than some standardized serialization of the
Infoset means there's a growing market for appliances to take over the
processing... but I guess you already know that. :-)
>Or, you can say that the fact that security relies on bytes means that
>the whole infoset approach will fail because security is more important
>than an abstract information model. :)
I'd suspect that any reasonable implementation of c14n is actually
working at a level equivalent to the Infoset internally, anyway - it
just serializes the Infoset out following the special rules for c14n
XML. Is there any other way of handling c14n that's not equivalent to this?
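
Added example, not part of the original thread: the point both posters make, that a digest covers bytes and c14n is a rule-bound serialization of the parsed model, shown on two constructed documents. It uses C14N 2.0 from Python's standard library as a stand-in for the canonicalization an XML DSig implementation would apply; the sample documents and function names are assumptions of this example.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed samples. DOC_A and DOC_B carry the same information but differ
# in attribute order, quote style, whitespace inside the start tag, the
# empty-element form and the way the ampersand is escaped.
DOC_A = (b'<order id="7" currency="EUR">'
         b'<item sku="a1"/><note>ship &amp; bill</note></order>')
DOC_B = (b"<order  currency='EUR'\n    id='7'>"
         b"<item sku='a1'></item><note>ship &#38; bill</note></order>")
# DOC_C really is a different document (id changed from 7 to 8).
DOC_C = DOC_A.replace(b'id="7"', b'id="8"')


def raw_digest(data: bytes) -> str:
    """SHA-256 over the bytes exactly as they arrived."""
    return hashlib.sha256(data).hexdigest()


def canonical_form(data: bytes) -> str:
    """Parse the document, then re-serialize it under the C14N 2.0 rules."""
    return canonicalize(data)


def canonical_digest(data: bytes) -> str:
    """SHA-256 over the UTF-8 bytes of the canonical serialization."""
    return hashlib.sha256(canonical_form(data).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for name, doc in (("A", DOC_A), ("B", DOC_B), ("C", DOC_C)):
        print(name, "raw      ", raw_digest(doc)[:16])
        print(name, "canonical", canonical_digest(doc)[:16])
    print(canonical_form(DOC_B))
```

A and B hash differently as raw bytes and identically after canonicalization, while C differs both ways: the parse-then-serialize step is what lets a byte-level digest tolerate re-serialization without hiding a real change.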