RE: Quote from Original Requirements document

["Edward Shallow" <ed.shallow@rogers.com>]

Revision on attached.

All,

   I stand corrected. If one follows the Requirements document history all
the way to later versions last summer, the CMS/PKCS#7 bullet in 3.1.2 was
removed. I correct myself on the attached. Not sure where this now stands in
terms of expected commitment from the core.

Ed 

-----Original Message-----
From: Edward Shallow [mailto:ed.shallow@rogers.com] 
Sent: April 18, 2004 11:57 AM
To: 'Trevor Perrin'; 'dss@lists.oasis-open.org'
Subject: Quote from Original Requirements document


All,

    As it pertains to the CMS in core debate, here is an excerpt from an
early version of the DSS TC Requirements back in late April immediately
after the F2F.


... Quote ...

3.1.2	Signature Formats
.	XML-DSIG
.	XML Timestamp Tokens
.	CMS/PKCS#7 (RFC 2630)
.	Extensible to others 
We will focus on XML-DSIG signatures applied to XML content.  As this is the
most flexible case and has the most complications around transforms,
references, signature placement, etc., the resulting protocol should easily
generalize to simpler formats like CMS (which supports the email and
code-signing use cases) or OpenPGP.  Other formats that DSS could ...

... End quote ...

The key phrases I read here are ... 1) the resulting protocol should
generalize to simpler formats like CMS, and 2) Extensible to others ...
Others could be used to categorize the special cases we are currently
debating (i.e. multi-signatures). The point is, the core is Extensible to
other formats

The intention was there at the time, and the hypothesis wasn't too bad. I
state it simply needs adjusting to meet this early objective we set out for
ourselves. Late-in-the-game is not a valid excuse for giving up and dropping
the issue, or worse pushing CMS entirely out of the core and into the
profiles.

Ed