OASIS Mailing List Archives

xri message



Subject: Re: [xri] SimpleSign for establishing the authenticity of XRD.


This message never found any response.

However, I think it is pretty important to consider, especially for XRI
folks.

I like file-based signatures. I started off from there. Then I stumbled
on the XRDS use case, which cannot be done with this approach. That's
why I came up with the simple-canonicalization-method-based XRD SimpleSign.

If we are to take this file based approach, we have to define how the
signature will work for XRDS.

Also, I would like to re-iterate that CanonicalID is not a usual domain
name (= re-assignable.)
It has to be a cool URI with fragments or an i-number kind of ID that is
guaranteed not to be re-assigned to another entity by the relevant CA.

It would not be stored in CN, I think. That is why I am using
SubjectUniqueIdentifier field that was defined in X.509v.2.

=nat

Sakimura Nat wrote:
> Hi.
>
> I have updated the SimpleSign.
> Now it includes an Overview section so that you can find out how this
> SimpleSign establishes the authenticity of the XRD. By just inspecting
> the XRD, one can establish its authenticity, using
> SubjectUniqueIdentifier and CanonicalID.
>
> #Note: It is different from whether one can Trust that entity. It just
> establishes the authoritative-ness.
>
> Also, I have added another potential signature method. #2.4.
> The problem of #2.3 (File signing) is that it cannot be applied to
> sequences of XRDs (i.e., XRDS) except for the entire XRDS. #2.4 solves
> this. In #2.4, the XRD is Base64 encoded and saved as an attribute of
> XRD, and the signature is applied on that string. The downside is that the XRD
> becomes approximately 2.3 times bigger.
>
> =nat

-- 
Nat Sakimura (=nat)
Nomura Research Institute, Ltd. 
XDI.ORG Vice Chair
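
An added illustration of the #2.4 idea quoted above (not code from this thread or from the SimpleSign draft): each XRD carries a Base64 copy of itself plus a signature over that string, so XRDs inside one XRDS verify independently. Assumptions: the attribute names `data` and `sig` are hypothetical, HMAC-SHA256 stands in for the certificate-based signature, and the sample XRDs are constructed.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key pair

def _sig(data: str) -> str:
    return hmac.new(KEY, data.encode("ascii"), hashlib.sha256).hexdigest()

def sign_xrd(xrd_xml: str) -> ET.Element:
    """Attach the Base64 of the XRD and a signature over that string."""
    xrd = ET.fromstring(xrd_xml)
    data = base64.b64encode(xrd_xml.encode("utf-8")).decode("ascii")
    xrd.set("data", data)        # hypothetical attribute name
    xrd.set("sig", _sig(data))   # hypothetical attribute name
    return xrd

def verify_xrd(xrd: ET.Element):
    """Return the signed XRD text, or None if the signature does not match."""
    data, sig = xrd.get("data", ""), xrd.get("sig", "")
    if not hmac.compare_digest(_sig(data), sig):
        return None
    # Only the Base64 string is signed, so the decoded text is the trusted
    # copy; the visible child elements are not covered by the signature.
    return base64.b64decode(data).decode("utf-8")

def size_ratio(xrd_xml: str) -> float:
    """(original + Base64 copy) / original, ignoring the signature itself."""
    raw = xrd_xml.encode("utf-8")
    return (len(raw) + len(base64.b64encode(raw))) / len(raw)

# Constructed sample XRDs (no namespaces, made-up identifiers).
XRD_A = ("<XRD><CanonicalID>=!1000.a1b2.93d2.8c73</CanonicalID>"
         "<Service><URI>https://a.example/</URI></Service></XRD>")
XRD_B = ("<XRD><CanonicalID>=!2000.c3d4.0000.0001</CanonicalID>"
         "<Service><URI>https://b.example/</URI></Service></XRD>")

def build_xrds() -> ET.Element:
    """An XRDS sequence in which every XRD is signed on its own."""
    xrds = ET.Element("XRDS")
    xrds.extend([sign_xrd(XRD_A), sign_xrd(XRD_B)])
    return xrds

if __name__ == "__main__":
    xrds = build_xrds()
    xrds[1].set("data", xrds[0].get("data"))  # tamper with the second XRD only
    print([verify_xrd(x) is not None for x in xrds])
    print(round(size_ratio(XRD_A), 2))
```

The size ratio comes from keeping the original XRD next to a Base64 copy that is 4/3 of its length, which matches the "approximately 2.3 times" figure in the quoted message.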

