> Of course, one of the nice things about using a binary format
> based on ASN.1 defined binary encodings is that the rules for
> canonicalization, encryption, signing, etc. are fully developed, have
> been in extensive use for many years, and are widely implemented. No
> invention or adaptation is required. The ASN.1 world dealt with all
> these issues long before XML even existed.
You talking about PKCS->S/MIME signatures? If so, they're woefully
inadequate. For example, you can't sign a subset, you can't sign
external references, there is no concept of Transformations, and
probably others.
Many of the same folks who invented PKCS-S/MIME crypto invented XML
DSIG, and they learned from the *mistakes and limitations* of those
earlier efforts.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html