On Fri, Jun 02, 2017 at 09:39:51PM +0200, Werner Koch wrote:
> On Wed, 31 May 2017 19:34, [email protected] said:
>
> | >>I have some questions related to XML-Dsig:
> | >
> | >Argghh!! Run away!
> |
> | A near-universal reaction.
>
> XML crypto can be summarized as
>   we-repeat-all-bugs-the-other-two-protocols-meanwhile-fixed-and-add-extra-complexity-for-even-more-fun
> See also <https://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>

I like XML, it's very good at what it was originally intended for.
I like crypto, and specifically OpenPGP, too and for much the same
reasons ...

I am *not*, however, crazy enough to even consider attempting this.
That way lies only madness and ruin.

Or, to put it another way, I listened to Peter the first time
around. ;)

> ps. I already have my share of grey hair from implementing X.509/CMS.
> There is not enough left for an XML crypto endeavor.

Mine's not expendable either and I didn't need to go anywhere near
X.509 to know that. The closest anyone should get to that sort of
thing is "I have foo.xml and I've signed it, I now also have
foo.xml.sig" and that's it.

Regards,
Ben

P.S. You heard me say "no" right? Just checking ...
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
