• To: Dennis Sosnoski <dms@s...>
• Subject: Re: Rich & Elliotte were right, I was wrong
• From: Rich Salz <rsalz@d...>
• Date: Mon, 15 Mar 2004 15:57:10 -0500
• Cc: xml-dev@l...
• In-reply-to: <4056139E.2070704@s...>
• References: <ADA1E0AB9452BB48B063228627805EC901726EB1@R...> <4056139E.2070704@s...>
• User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507

Dennis Sosnoski wrote:
> This suggests to me that XML DSig is basically a questionable idea. Why 
> the obsession with text? It seems like doing this at the Infoset level 
> would be much simpler (and much more efficient).

(XML DSIG and XML-Encryption are based on the XPath 1.0 model.)

Cryptography works on bytes.  Since there is no standard serialization 
for an Infoset, and since you can create infosets that are 
unserializable, you cannot build cryptographic functions such as 
signature and encryption without first solving those problems.

Or, you can say that the fact that security relies on bytes means that 
the whole infoset approach will fail because security is more important 
than an abstract information model. :)

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

• Follow-Ups:
  • Re: Rich & Elliotte were right, I was wrong
    • From: Dennis Sosnoski <dms@s...>

• References:
  • RE: Rich & Elliotte were right, I was wrong
    • From: "Derek Denny-Brown" <derekdb@m...>
  • Re: Rich & Elliotte were right, I was wrong
    • From: Dennis Sosnoski <dms@s...>

• Prev by Date: Re: Rich & Elliotte were right, I was wrong
• Next by Date: Type unique can not occur after declaration
• Previous by thread: Re: Rich & Elliotte were right, I was wrong
• Next by thread: Re: Rich & Elliotte were right, I was wrong
• Index(es):
  • Date
  • Thread