On 13-Feb-06, at 11:08 AM, Eric Rescorla wrote:
Dick Hardt <[EMAIL PROTECTED]> writes:
On 13-Feb-06, at 10:52 AM, Eric Rescorla wrote:
The motivation was to get all the binary crypto code out of the MS to
ease adoption. We learnt from our prior experience with the SXIP
protocol that this was a barrier to adoption. Writing good DSIG code
for all platforms/stacks/languages is tedious and expensive and worse
increases the number of lines of code that a MS developer has to
write to enable a site. [SXIP 1.0 worked this way.]
Just to clarify, getting someone to install a dynamic language
script or module is *way* easier than installing a binary.
XML DSIG libraries are not widely available at this time for the
scripting platforms.
Who said anything about XML DSIG? I just said you could use a digital
signature, which doesn't require XML at all.
A digital signature of what though?
Whatever information you're digesting now.
And there is key management etc.
What key management? Just hand over the key during the capabilities
exchange.
Requires state management. Current method does not require state. One
of the goals of the capabilities would be to be able to extend DIX so that
if a Membersite was able to maintain state, key exchange could happen
and the Membersite could verify the message itself.
Would seem challenging to convince anyone to NOT be using XML DSIG
for signing an XML message these days.
If you say so. You seem perfectly happy to digest a bunch of data
without using any special XML pixie dust.
Digest of name / value pairs now. Easier to sidestep the XML
standards police. :)
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix