On Fri, 10 Jun 2005, Rich Salz wrote:
I don't want to have to re-implement Apache in order to do
an SSL implementation. ...
Those analogies aren't apt. XML is a data format, so it's more like
I don't want to have to implement ASN1/DER to do S/MIME
Which is a nonsens
I don't want to have to re-implement Apache in order to do
an SSL implementation. ...
Those analogies aren't apt. XML is a data format, so it's more like
I don't want to have to implement ASN1/DER to do S/MIME
Which is a nonsensical complaint.
Makes sense to me. The
Rich Salz <[EMAIL PROTECTED]> writes:
>Peter's shared earlier drafts with me, and we've exchanged email about this.
>The only complaint that has a factual basis is this:
>
>I don't want to have to implement XML processing to do
>XML Digital Signatures
I don't want to have
Ben Laurie <[EMAIL PROTECTED]> writes:
>Anne & Lynn Wheeler wrote:
>> Peter Gutmann wrote:
>>> That cuts both ways though. Since so many systems *do* screw with
>>> data (in
>>> insignificant ways, e.g. stripping trailing blanks), anyone who does
>>> massage
>>> data in such a way that any trivial
Anne & Lynn Wheeler wrote:
Peter Gutmann wrote:
That cuts both ways though. Since so many systems *do* screw with
data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does
massage
data in such a way that any trivial change will be detected is going
to be
inundated with f
Ian G wrote:
On Wednesday 01 June 2005 15:07, [EMAIL PROTECTED] wrote:
Ian G writes:
| In the end, the digital signature was just crypto
| candy...
On the one hand a digital signature should matter more
the bigger the transaction that it protects. On the
other hand, the bigger the transaction
Peter Gutmann wrote:
> Yup, see "Why XML Security is Broken",
> http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this.
Peter's shared earlier drafts with me, and we've exchanged email about this.
The only complaint that has a factual basis is this:
I don't want to have to
Peter Gutmann wrote:
Yup, see "Why XML Security is Broken",
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this. Mind
you ASN.1 is little better, there are rules for deterministic encoding, but so
many things get them wrong that experience has shown the only safe way to
handl
> That cuts both ways though. Since so many systems *do* screw with data (in
> insignificant ways, e.g. stripping trailing blanks), anyone who does massage
> data in such a way that any trivial change will be detected is going to be
> inundated with false positives. Just ask any OpenPGP implement
Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes:
>the problem was that xml didn't have a deterministic definition for encoding
>fields.
Yup, see "Why XML Security is Broken",
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this. Mind
you ASN.1 is little better, there are rules
Peter Gutmann wrote:
That cuts both ways though. Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change will be detected is going to be
inundated with false positives. Just ask any Op
Rich Salz <[EMAIL PROTECTED]> writes:
>I think signatures are increasingly being used for technical reasons, not
>legal. That is, sign and verify just to prove that all the layers of
>middleware and Internet and general bugaboos didn't screw with it.
That cuts both ways though. Since so many s
On the one hand a digital signature should matter more
the bigger the transaction that it protects. On the
other hand, the bigger the transaction the lower the
probability that it is between strangers who have no
other leverage for recourse.
I think signatures are increasingly being used for te
[EMAIL PROTECTED] wrote:
On the one hand a digital signature should matter more
the bigger the transaction that it protects. On the
other hand, the bigger the transaction the lower the
probability that it is between strangers who have no
other leverage for recourse.
And, of course, proving anyt
On Wednesday 01 June 2005 15:07, [EMAIL PROTECTED] wrote:
> Ian G writes:
> | In the end, the digital signature was just crypto
> | candy...
>
> On the one hand a digital signature should matter more
> the bigger the transaction that it protects. On the
> other hand, the bigger the transaction t
Ian G writes:
|
| In the end, the digital signature was just crypto
| candy...
|
On the one hand a digital signature should matter more
the bigger the transaction that it protects. On the
other hand, the bigger the transaction the lower the
probability that it is between strangers who have
16 matches
Mail list logo
