Cart
[Home] [By Thread] [By Date] [Recent Entries]
Rich Salz wrote: >Dennis Sosnoski wrote: > > >>This suggests to me that XML DSig is basically a questionable idea. Why >>the obsession with text? It seems like doing this at the Infoset level >>would be much simpler (and much more efficient). >> >> > >(XML DSIG and XML-Encryption are based on the XPath 1.0 model.) > >Cryptography works on bytes. Since there is no standard serialization >for an Infoset, and since you can create infosets that are >unserializable, you cannot build cryptographic functions such as >signature and encryption without first solving those problems. > Well, on the bright side I guess the extreme overhead of basing DSIG and Encryption on XPath rather than some standardized serialization of the Infoset means there's a growing market for appliances to take over the processing... but I guess you already know that. :-) >Or, you can say that the fact that security relies on bytes means that >the whole infoset approach will fail because security is more important >than an abstract information model. :) > > > I'd suspect that any reasonable implementation of c14n is actually working at a level equivalent to the Infoset internally, anyway - it just serializes the Infoset out following the special rules for c14n XML. Is there any other way of handling c14n that's not equivalent to this? - Dennis
|
