Subject: Re: [ubl-ndrsc] Digital Signatures
I forgot. An argument could be made that XML uses plain text, and one
could avoid the overhead of XML by using plain text instead. Is that a
valid analogy to the argument you're making? Does it render your
argument as irrelevant as this one happens to be?

Eduardo Gutentag wrote:
> Paul Thorpe wrote:
>
>> On Tue, 3 Jun 2003, Eduardo Gutentag wrote:
>>
>>> Paul,
>>>
>>> I believe the industry standard for XML documents is XML Signature.
>>
>> Please look at the XML Signature standard, and you will notice that it
>> uses X.509v3. I am just pointing out that you can avoid the added
>> overhead of XML Signatures by using X.509 directly.
>
> Not being a security expert, let alone a signature one, I must then ask
> if anybody knows why a bunch of companies got together at the W3C and
> decided (my company included) that there was a need for XML Signature
> and then proceeded to spend a considerable amount of effort, time and
> money developing it. Are you saying that it was just a waste of all of
> that?
> That we were swindled? That wherever and whenever you can use DSig you
> might as well use X.509?
>
>>
>> Paul
>>
>>> Paul Thorpe wrote:
>>>
>>>> Hi,
>>>>
>>>> In the last UBL NDRSC phone call I promised to send more information
>>>> about the use of digital signatures in all UBL documents. I agree
>>>> with David Burdett that an optional field should be added to all UBL
>>>> documents, but believe the industry standard X.509 based signatures
>>>> should be used. The reason I suggest this is that this does not
>>>> require you to preserve binary content of what was signed. Anyone
>>>> who wishes to authenticate the signature can recreate that binary
>>>> content when they need to do the authentication since DER
>>>> (Distinguished Encoding Rules) is truly canonical (has exactly one
>>>> way of encoding any given message).
>>>>
>>>> Note that even Canonical-XML requires you to preserve the namespace
>>>> prefixes that were in the XML tags, so you would really need to
>>>> preserve the complete XML document (tags with prefixes and all)
>>>> along with the signature in order to authenticate it if you directly
>>>> sign the XML document.
>>>>
>>>> By making the field optional, no one is required to use the digital
>>>> signatures, but can if they wish to.
>>>>
>>>> This optional signature field should be placed in the schema
>>>> immediately before or after the global element whose contents need
>>>> authentication.
>>>>
>>>> ----------------------------------------------------------------------------
>>>> Paul E. Thorpe          Toll Free    : 1-888-OSS-ASN1
>>>> OSS Nokalva             International: 1-732-302-0750
>>>> Email: thorpe@oss.com   Tech Support : 1-732-302-9669
>>>> http://www.oss.com      Fax          : 1-732-302-0023
>>>>
>>>> You may leave a Technical Committee at any time by visiting
>>>> http://www.oasis-open.org/apps/org/workgroup/ubl-ndrsc/members/leave_workgroup.php
>>>
>>> --
>>> Eduardo Gutentag               |         e-mail: eduardo.gutentag@Sun.COM
>>> Web Technologies and Standards |         Phone: +1 510 550 4616 x31442
>>> Sun Microsystems Inc.          |         1800 Harrison St. Oakland, CA 94612
>>> W3C AC Rep / OASIS TAB Chair

--
Eduardo Gutentag               |         e-mail: eduardo.gutentag@Sun.COM
Web Technologies and Standards |         Phone: +1 510 550 4616 x31442
Sun Microsystems Inc.          |         1800 Harrison St. Oakland, CA 94612
W3C AC Rep / OASIS TAB Chair
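
The two properties contrasted in the thread above, as an added example that is not part of any message in it: the same invoice values re-encoded in DER always yield the same bytes to digest, while canonical XML of the same values under different namespace prefixes does not. Assumptions: the invoice layout, the `urn:example:invoice` namespace and the sample documents are constructed, SHA-256 stands in for the digest a signer would sign, and the canonicalizer is Python's standard-library C14N 2.0 with its default settings, which keep prefixes as written.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = "{urn:example:invoice}"  # constructed namespace, not a UBL one
# Constructed sample: the same invoice serialized with two different prefixes.
DOC_A = ('<inv:Invoice xmlns:inv="urn:example:invoice">'
         '<inv:ID>INV-1001</inv:ID><inv:Amount>125000</inv:Amount></inv:Invoice>')
DOC_B = ('<i:Invoice xmlns:i="urn:example:invoice">'
         '<i:ID>INV-1001</i:ID><i:Amount>125000</i:Amount></i:Invoice>')

def der_tlv(tag, content):
    """Tag, definite length in the shortest form (the only one DER allows), content."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_invoice(invoice_id, amount):
    """SEQUENCE { UTF8String id, INTEGER amount } (hypothetical layout)."""
    if amount < 0:
        raise ValueError("this sketch only encodes non-negative amounts")
    # Minimal two's-complement body: one extra byte only when the top bit is set.
    amount_bytes = amount.to_bytes(amount.bit_length() // 8 + 1, "big")
    fields = der_tlv(0x0C, invoice_id.encode("utf-8")) + der_tlv(0x02, amount_bytes)
    return der_tlv(0x30, fields)

def values_from_xml(doc):
    """Recover the abstract values; prefixes play no part in this step."""
    root = ET.fromstring(doc)
    return root.find(NS + "ID").text, int(root.find(NS + "Amount").text)

def digest_over_der(doc):
    """Digest of the DER bytes recreated from the values alone."""
    return hashlib.sha256(der_invoice(*values_from_xml(doc))).hexdigest()

def digest_over_c14n(doc):
    """Digest of the canonical XML text, which still carries the prefixes."""
    return hashlib.sha256(ET.canonicalize(xml_data=doc).encode("utf-8")).hexdigest()

if __name__ == "__main__":
    print("DER digests equal: ", digest_over_der(DOC_A) == digest_over_der(DOC_B))
    print("C14N digests equal:", digest_over_c14n(DOC_A) == digest_over_c14n(DOC_B))
```

A verifier of a signature over the canonical XML therefore needs the document with its original prefixes, whereas a verifier of a signature over the DER form needs only the values.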