The State of VOEvent

Steve Allen sla at ucolick.org
Fri Jun 6 16:53:03 PDT 2008


On Fri 2008-06-06T15:50:09 -0700, Rob Seaman hath writ:
> Is there some reason,
> however, that PGP can't be used to sign a canonical XML packet?  What
> are the strengths and weaknesses of that notion?

I may be wrong, but of the components in W3C Signature, I got the
impression that the canonicalization algorithms are far more complex
than the signing ones.

In W3C Signature, the XML that is shipped can remain in the original
format, which may be nicely arranged for humans to read.  The
canonicalization is all done transiently, and internally to the tools,
and in a way that communicates what form of canonicalization was done
to the recipient.

If PGP were to be used then the original VOEvent would have to be
canonicalized, presented to PGP, and then a new scheme invented to
keep the association between VOEvent, canonicalization algorithm, and
signature.  That's either using or reinventing the harder component of
W3C Signature and then inventing more technology.

--
Steve Allen                 <sla at ucolick.org>                WGS-84 (GPS)
UCO/Lick Observatory        Natural Sciences II, Room 165    Lat  +36.99855
University of California    Voice: +1 831 459 3046           Lng -122.06015
Santa Cruz, CA 95064        http://www.ucolick.org/~sla/     Hgt +250 m



More information about the voevent mailing list