I don't want to have to re-implement Apache in order to do
         an SSL implementation. ...

Those analogies aren't apt.  XML is a data format, so it's more like
        I don't want to have to implement ASN1/DER to do S/MIME
Which is a nonsensical complaint.

Makes sense to me.  The other problem with XML sigs (also pointed out in the
writeup) is the fact that it gives you 10 ways to do everything, of which only
1 is actually correct/secure/usable, but is indistinguishable from the other

I don't see it. Yes, XML DSIG makes it possible to sign parts of an XML document. And there are broken applications. Er, so what? Is the lack of certificate validation in outlook proof that S/MIME is broken?

reluctant to implement something that lets users blow their feet off in a
dozen different ways without even knowing it.

So have your API take an XML document and output a signature that signs the exclusive canonicalization of that document, and includes the signer's certificate in the keydata. Problem solved. And that's a fair comparison, since S/MIME is just a profile of PKCS#7 applied to email, right? So use WS-Security which is a profile of XML DSIG applied to SOAP messages, for example.

In other postings, you've pointed out that "nobody" re-generates the DER, but instead keeps it around to verify the signature. In the XML world we do it all the time; recreating and re-canonicalizing works. I guess that proves S/MIME and PGP are fundamentally broken. :)


Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to