[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Mime type for XRD/Site-meta signature file
On Wed, Dec 3, 2008 at 2:20 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote: > Is S/MIME adopted? Reasonably so. > It seems to work very similarly to what we are looking > for, though using multiparts and not links. Agreed, it's very similar. The main differences are: - xml dsig uses XML, pkcs#7 uses asn.1 - xml dsig allows for signing partial documents via xml canonicalization. > Do we have an idea how the current status of adoption for PKCS #7 in > libraries and platforms? It's not in the standard java crypto libraries, you need to import bouncycastle. It is in openssl, however, and since most of the web-friendly languages have openssl bindings they can use s/mime. Unfortunately asn.1 parsers are not widely implemented in the web friendly languages, so if you can't find a prebuilt library you're going to have a really tough time with PKCS #7. > How much signature metadata do we need to build into XRD? I think we should reuse lots of XML DSIG (such as ds:X509Certificate for including certs in documents), but leave out the complicated xml canonicalization. Instead we should use signatures separate from the signed docs.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]