OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wss] Groups - WSS-X509-04.pdf uploaded

Your design is more complex than PKCS #7, though potentially it
provides more functionality. But to pipe a path of N certificates it
requires N Base64 processes. The PKCS #7 design require only
one, regardless of the number of certificates in the path 
Yes but the PKCS#7 process requires far more complex internal processing.
The number of Base64 operations is simply not relevant, Base64 has almost no state and the overhead of starting and stopping the encoder is not an issue on any encoder I have used or have written. The additional space is at most 2 wasted bytes. So in terms of space we are talking about an extra four bytes.
The PKCS7 design introduces a lot of other processing that is not relevant to the WSS application. To get just a certificate chain we have to create the equivalent of a noop, a message that is neither signed nor encrypted which PKCS#7 is not designed to do.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]