Subject: Re: [ubl-ndrsc] Digital Signatures
Paul Thorpe wrote:
> On Tue, 3 Jun 2003, Eduardo Gutentag wrote:
>
>>Paul,
>>
>>I believe the industry standard for XML documents is XML Signature.
>
> Please look at the XML Signature standard, and you will notice that it
> uses X.509v3. I am just pointing out that you can avoid the added
> overhead of XML Signatures by using X.509 directly.

Not being a security expert, let alone a signature one, I must then ask if anybody knows why a bunch of companies got together at the W3C and decided (my company included) that there was a need for XML Signature and then proceeded to spend a considerable amount of effort, time and money developing it. Are you saying that it was just a waste of all of that? That we were swindled? That wherever and whenever you can use DSig you might as well use X.509?

> Paul
>
>>
>>Paul Thorpe wrote:
>>
>>>Hi,
>>>
>>>In the last UBL NDRSC phone call I promised to send more information about
>>>the use of digital signatures in all UBL documents. I agree with David
>>>Burdett that an optional field should be added to all UBL documents, but
>>>believe the industry standard X.509 based signatures should be used. The
>>>reason I suggest this is that this does not require you to preserve binary
>>>content of what was signed. Anyone who wishes to authenticate the
>>>signature can recreate that binary content when they need to do the
>>>authentication since DER (Distinguished Encoding Rules) is truly
>>>canonical (has exactly one way of encoding any given message).
>>>
>>>Note that even Canonical-XML requires you to preserve the namespace
>>>prefixes that were in the XML tags, so you would really need to preserve
>>>the complete XML document (tags with prefixes and all) along with the
>>>signature in order to authenticate it if you directly sign the XML
>>>document.
>>>
>>>By making the field optional, no one is required to use the digital
>>>signatures, but can if they wish to.
>>>
>>>This optional signature field should be placed in the schema immediately
>>>before or after the global element whose contents need authentication.
>>>
>>>----------------------------------------------------------------------------
>>>Paul E. Thorpe                Toll Free    : 1-888-OSS-ASN1
>>>OSS Nokalva                   International: 1-732-302-0750
>>>Email: thorpe@oss.com         Tech Support : 1-732-302-9669
>>>http://www.oss.com            Fax          : 1-732-302-0023
>>>
>>>You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/ubl-ndrsc/members/leave_workgroup.php
>>>
>>
>>--
>>Eduardo Gutentag               |         e-mail: eduardo.gutentag@Sun.COM
>>Web Technologies and Standards |         Phone:  +1 510 550 4616 x31442
>>Sun Microsystems Inc.          |         1800 Harrison St. Oakland, CA 94612
>>W3C AC Rep / OASIS TAB Chair
>>
>

--
Eduardo Gutentag               |         e-mail: eduardo.gutentag@Sun.COM
Web Technologies and Standards |         Phone:  +1 510 550 4616 x31442
Sun Microsystems Inc.          |         1800 Harrison St. Oakland, CA 94612
W3C AC Rep / OASIS TAB Chair
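
Added example, not part of the original message or of any UBL or OSS code: a Python sketch of the contrast drawn in the quoted proposal, where bytes rebuilt from the values through a single-form DER encoding hash identically for two serializations of one invoice, while the canonicalized XML hashes differently because the prefixes are kept. The namespace, the two sample documents and the `SEQUENCE { UTF8String, INTEGER }` layout are constructed assumptions; `xml.etree.ElementTree.canonicalize` implements C14N 2.0 and is used with its default options, which keep the author's prefixes as Canonical XML 1.0 does.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = "urn:example:invoice"  # constructed namespace, not a real UBL one

# Constructed samples: one invoice, two prefix choices for the same namespace.
DOC_A = (f'<a:Invoice xmlns:a="{NS}"><a:ID>INV-7</a:ID>'
         f'<a:Total>1250</a:Total></a:Invoice>')
DOC_B = (f'<inv:Invoice xmlns:inv="{NS}"><inv:ID>INV-7</inv:ID>'
         f'<inv:Total>1250</inv:Total></inv:Invoice>')


def der_tlv(tag, body):
    """One DER tag-length-value; definite length in its shortest form."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def der_invoice(doc_id, total):
    """SEQUENCE { UTF8String doc_id, INTEGER total }, total >= 0 (assumed layout)."""
    int_body = total.to_bytes(total.bit_length() // 8 + 1, "big")  # minimal form
    return der_tlv(0x30, der_tlv(0x0C, doc_id.encode("utf-8")) + der_tlv(0x02, int_body))


def fields(xml_text):
    """Pull the abstract values out of the XML, ignoring prefixes."""
    root = ET.fromstring(xml_text)
    return root.findtext(f"{{{NS}}}ID"), int(root.findtext(f"{{{NS}}}Total"))


def digest_over_der(xml_text):
    """Digest of bytes rebuilt from the values alone."""
    return hashlib.sha256(der_invoice(*fields(xml_text))).hexdigest()


def digest_over_c14n(xml_text):
    """Digest of the canonicalized XML text; prefixes stay as written."""
    return hashlib.sha256(ET.canonicalize(xml_text).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print("DER  digests equal:", digest_over_der(DOC_A) == digest_over_der(DOC_B))
    print("C14N digests equal:", digest_over_c14n(DOC_A) == digest_over_c14n(DOC_B))
```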