Mridul wrote:
Peter Saint-Andre wrote:Matthias Wimmer wrote:But still I keep saying that the protocol we are looking for is XML Signature and XML Encryption, that have been defined by the W3C. http://www.w3.org/Signature/ http://www.w3.org/Encryption/2001/ This are standards specially made to sign and encrypt XML data, so it isexactly what we need. And even while I asked on the standards JID, nobody could yet tell me, what would be a problem with this standards.FWIW, Peter Guttmann has some piquant things to say about xmlenc/xmldsig here:http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt Though he also thinks that RFC 3923 was a great idea, so YMMV... /psaI always considered 3923 a pretty decent idea since it was practical ...
Practical, other than the PKI dependency (or can you use self-signed certificates?) and the CPIM usage (which developers hate, there are no CPIM parsers) and the MIME stuff (very much not jabberish). As someone once said, S/MIME is the only known security technology with more implementations than users. :)
xml security related specs have always been a mess to implement (reminds me a lot of the SOAP bloat).
Ick yes. /psa
smime.p7s
Description: S/MIME Cryptographic Signature
