Alternative proposal for digital signatures
Steve Allen
sla at ucolick.org
Wed Mar 12 15:40:59 PDT 2008
On Wed 2008-03-12T15:27:49 -0700, Matthew Graham hath writ:
> One of the main motivations for using X.509
> certificates and XML digital signatures is that this is the security
> model recommended by the International Virtual Observatory Alliance
> (IVOA) which defined the VOEvent standard. Consistency and
> interoperability are often better goals than an easier implementation.
There is also the tangle of XML canonicalization. Two XML documents
can be content-identical without being byte-identical, and tools that
handle XML documents may reformat the bytes. This is beyond the ken
of PGP/GPG.
There are many opinions that the W3C Signature standard is way
too complex, way too hard to implement correctly, and requires
way too much consideration on the part of the users.
I agree completely.
On the other hand, I also agree completely that within the scope of
the syntax of XML, there is no simpler option. Toolkits that
implement W3C Signature exist, and we'll have to consider how to use
them.
--
Steve Allen <sla at ucolick.org> WGS-84 (GPS)
UCO/Lick Observatory Natural Sciences II, Room 165 Lat +36.99855
University of California Voice: +1 831 459 3046 Lng -122.06015
Santa Cruz, CA 95064 http://www.ucolick.org/~sla/ Hgt +250 m
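Added example, not part of the original post: a sketch of the canonicalization point, showing that a digest over raw bytes (what a detached PGP/GPG signature covers) changes when a tool rewrites the XML, while a digest over the canonical form does not. It uses the Python standard library's C14N 2.0 routine as a stand-in for the canonicalization step of W3C Signature; the sample documents and helper names are constructed for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample documents (not real VOEvent packets).
DOC_A = '<Event role="test" id="ex-1"><Who>obs</Who><Note/></Event>'
# Same content as DOC_A: attribute order, quote style, whitespace inside
# the start tag and the empty-element form all differ.
DOC_B = "<Event id='ex-1'   role='test' ><Who>obs</Who><Note></Note></Event>"
# DOC_A after pretty-printing: whitespace-only text nodes were added.
DOC_C = '<Event role="test" id="ex-1">\n  <Who>obs</Who>\n  <Note/>\n</Event>'
# Genuinely altered content.
DOC_D = '<Event role="test" id="ex-1"><Who>eve</Who><Note/></Event>'


def raw_digest(doc: str) -> str:
    """SHA-256 over the document bytes exactly as received."""
    return hashlib.sha256(doc.encode("utf-8")).hexdigest()


def c14n_digest(doc: str, strip_text: bool = False) -> str:
    """SHA-256 over the canonical form of the document.

    strip_text=True additionally trims whitespace around text content,
    which plain canonicalization treats as significant.
    """
    canonical = canonicalize(doc, strip_text=strip_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def report() -> dict:
    """Compare each variant against DOC_A under the three digest schemes."""
    result = {}
    for name, doc in (("B", DOC_B), ("C", DOC_C), ("D", DOC_D)):
        result[name] = {
            "raw": raw_digest(doc) == raw_digest(DOC_A),
            "c14n": c14n_digest(doc) == c14n_digest(DOC_A),
            "c14n_strip": c14n_digest(doc, True) == c14n_digest(DOC_A, True),
        }
    return result


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

Variant C is the case to watch: canonicalization alone does not absorb pretty-printing, because whitespace between elements is part of the document content, so both signer and verifier have to agree on how such whitespace is treated.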