wss message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [wss] Groups - WSS-X509-04.pdf uploaded
- From: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- To: "'Phillip H. Griffin'" <phil.griffin@asn-1.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Date: Tue, 20 May 2003 06:36:29 -0700
Title:
Your design is more complex than PKCS #7, though potentially
it
provides more functionality. But to pipe a path of N certificates
it
requires N Base64 processes. The PKCS #7 design require only
one,
regardless of the number of certificates in the path
Yes
but the PKCS#7 process requires far more complex internal
processing.
The
number of Base64 operations is simply not relevant, Base64 has almost no state
and the overhead of starting and stopping the encoder is not an issue on any
encoder I have used or have written. The additional space is at most 2
wasted bytes. So in terms of space we are talking about an extra four
bytes.
The PKCS7 design introduces a lot of other
processing that is not relevant to the WSS application. To get just a
certificate chain we have to create the equivalent of a noop, a message that is
neither signed nor encrypted which PKCS#7 is not designed to
do.
Phill
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]