OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xcbf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xcbf] Interpretation of the CS under ballot

Title:
Bancroft,

There is no contradiction in the introduction. Read one sentence
earlier than where you started,

"These CBEFF formats currently include the binary biometric
objects and information records in two ANSI standards."

The CXER encodings only apply to the biometric objects. These
are the inputs to all cryptographic processing. This is stated on
lines 96-98:

"All of the cryptographic operations provided in this standard are
applied to a set of values of the ASN.1 type BiometricObject
defined in the ANSI X9.84 standard. "

Everything that is not part of the NIST patron format is merely
packaging for this payload. This packaging is not cryptographically
enhanced, and so need not be CXER encoded.

Additional clarity was added (in my opinion) by the text that
Alessandro asked to be inserted in Baltimore, then asked last
week to be removed from the document in his comments on
the CS to Standard ballot:

"This allows the simultaneous use of two different sets of ASN.1
encoding rules for different parts of the same message, namely
Canonical XER (CXER) for the BiometricObjects value and
basic XER (XER) or Variant XER (VXER) for the enclosing
 message."

Phil


Bancroft Scott wrote:
On Thu, 10 Apr 2003, Phillip H. Griffin wrote:

  
As for (2), my interpretation is that  ***CXER, and only CXER, must be
used for encoding the WHOLE messages***,  despite the numerous sentences
such as  "This value is always encoded using the XML Encoding Rules"
and the numerous exampes of BASIC-XER encoding.
      
Clearly, since CXER is a subset of XER, CXER may be used to
encode entire messages. But this is not required. As you say above,
there are numerous sentences in the document such as

"This value is always encoded using the XML Encoding Rules"

and it is these sentences that specify all of the CXER requirements.
    
Doesn't this contradict what is said in the Introduction?:

   "These XML encodings are based on the ASN.1 [2] [3] [4] [5] schema
   defined in ANSI X9.84:2003 Biometric Information Management and
   Security. They conform to the canonical variant of the XML Encoding
   Rules (XER) for ASN.1 defined in ITU-T Rec. X.693"

That is, in the Introduction it states that the encodings conform to CXER
(the canonical variant of XER), but throughout the document there is a
mixture of XER and CXER encodings.

Bancroft

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]