Hi,
I am looking at modernizing the bart(1m) command to also support XML
format manifests and address many of the RFEs and lacking features that
weren't so easy to address in its backwards compatible text format.
In doing so I plan to use libxml2 similarly to SMF, but I would also
like to support manifest signing and signature verification (XML-DSig,)
which would probably be best accomplished with a dependency on libxmlsec
(http://www.aleksey.com/xmlsec/)
My questions for the SMF community are:
How much interest is there in using signed XML, i.e. having signed
service manifests?
If I start the ball rolling on including XMLSec how much interest is
there in participation?
Participation by using the interfaces for SMF manifest verification.
Participation in defining or commenting on interfaces and stability
during the ARC review.
Participation in maintenance, resyncs, etc.
For the crypto community:
The XMLSec Library includes interfaces to rely on various crypto
libraries. I would most likely be importing only libxmlsec-openssl
and/or libxmlsec-nss. Is there interest in participating in the review
of the current interfaces and/or creation of a direct KEF/KMF module?
I look forward to any thoughts and comments.
Thanks,
-Will Young
