On 13/07/11 18:42, Paul Hoffman wrote: > On Jul 13, 2011, at 10:27 AM, Mike Jones wrote: > >> I strongly disagree with the "basing on CMS" wording. I'd be OK with >> wording more like "drawing upon existing inputs such as CMS, XMLDSIG, and >> XMLENC". >> >> There's a lot to reuse from these documents. But it's prejudicial to have a >> discussion that starts from the assumption that we are basing this work on >> CMS. > > As someone who participated in the early XMLDSIG and XMLENC work, I have to > ask: what do they have for this JSON work that CMS doesn't? That is, there > was a conscious attempt to mirror CMS structures in them. Where they strayed > (such as on namespaces), they went to hell. > > One or two examples here would really help.
Indeed. I think the KeyInfo from XMLDSIG is maybe a slightly better model than (almost) forcing IssuerAndSerialNumber from 5280 as is done in CMS. That's the level at which I think we need to have the discussion to understand what people are claiming is wrong with basing on CMS. For me, other than that example, I really fail to see anything wrong with basing on CMS, so some examples would be very good, even if they only come two weeks after I first asked. (Or, maybe all the disquiet on this topic is really format-wars yet again and from the security p-o-v, content-free;-) S. > > --Paul Hoffman > > _______________________________________________ > woes mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/woes > _______________________________________________ woes mailing list [email protected] https://www.ietf.org/mailman/listinfo/woes
