Rich Salz <[EMAIL PROTECTED]> writes: >Peter's shared earlier drafts with me, and we've exchanged email about this. >The only complaint that has a factual basis is this: > > I don't want to have to implement XML processing to do > XML Digital Signatures
I don't want to have to re-implement Apache in order to do an SSL implementation. I don't want to have to re-implement MS Exchange in order to do a PGP implementation. I don't want to have to re-implement ext2fs in order to encrypt a file. Makes sense to me. The other problem with XML sigs (also pointed out in the writeup) is the fact that it gives you 10 ways to do everything, of which only 1 is actually correct/secure/usable, but is indistinguishable from the other 9. Since ease of use/secure-by-default is a major goal of my work, I'm rather reluctant to implement something that lets users blow their feet off in a dozen different ways without even knowing it. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]