Re: OCSP-X vs SCVP
> From: "Anders Rundgren" <anders.rundgren@telia.com>
>
> Actually I don't suggest that an 'equivalent' XML implementation is to be
> created. A brand new scheme is what I believe is needed.
>
> One reason for wanting ACs to use XMLDSIG is to be able to specify the specific
> local/global/national/application/whatever attribute profile as an XML schema.
> Because unlike PKCs the variation in ACs is virtually unlimited, which makes
> this "feature" extremely critical.
> And also unlike PKCs the exact interpretation of virtually all fields is
> probably a requirement in just about
> all likely applications. <<<< I.e. an AC is really a "message" to be acted
> upon >>>>
I'm sorry, I don't follow the above. In a PKC, an "exact
interpretation" of all fields is a requirement - Validity is not just
two strings, it is two dates which must be compared against a system
clock to determine if the cert is within range. Subject and Issuer are
not only displayed, they are chained, and used as search criteria.
Public key is not just a string of bits, it is a cryptographic value
which is used in a defined algorithm in a defined manner. The syntax
(the order of fields, the field types, and value constraints) is not
sufficient to act upon a PKC; the application must know what each field
means and process it accordingly.
In contrast, I don't see how an XML schema, whether it is local/global/
application/whatever, can communicate anything more about the semantics
of a message (how it is to be acted upon) than can an ASN.1 type
definition. Java can say "convert this digit string to a timeval
and compare it to the system clock", but how can you say such a thing
using XML? W3C claims: "The XML Schema Working Group is addressing means
for defining the structure, content, and semantics of XML documents", but
here "semantics" is in the eye of the writer. I believe you can use
XML to label data values for "customer record" and "shoe size", but I
don't believe that an XML DTD can express the fact that the "key usage"
field of a certificate is involved in determining the validity of a
cert path (i.e. that a path is a series of zero or more CA certificates
followed by a single End Entity certificate). The XML notion of
"semantics" might more accurately be called "data labels". I'd be
surprised to learn of some semantic capability that can be expressed in
an XML DTD but not in ASN.1.
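As an added illustration of the distinction drawn in this reply (not code from either correspondent), here is a constructed Python model in which a schema-style check passes for every certificate while path validation still fails, because the checks on validity dates, chaining and CA status can only live in application code. The `Cert` fields, the `keyCertSign` label and the subject names are assumptions for the example, not a real encoding.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed stand-in for a certificate: field names and types only,
# which is all a schema or DTD can express about it.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    is_ca: bool
    key_usage: frozenset = field(default_factory=frozenset)

def structurally_valid(cert: Cert) -> bool:
    """Schema-level check: every field is present and well-typed."""
    return (isinstance(cert.subject, str) and isinstance(cert.issuer, str)
            and isinstance(cert.not_before, datetime)
            and isinstance(cert.not_after, datetime)
            and isinstance(cert.is_ca, bool))

def path_errors(path: list, now: datetime) -> list:
    """Semantic check only application code can do. The path is ordered
    issuer-first: zero or more CA certs followed by one end-entity cert."""
    errors = []
    for i, cert in enumerate(path):
        if not (cert.not_before <= now <= cert.not_after):
            errors.append(f"{cert.subject}: not valid at {now.isoformat()}")
        if i > 0 and cert.issuer != path[i - 1].subject:
            errors.append(f"{cert.subject}: does not chain to {path[i - 1].subject}")
        is_last = i == len(path) - 1
        if is_last and cert.is_ca:
            errors.append(f"{cert.subject}: path must end in an end-entity cert")
        if not is_last and not (cert.is_ca and "keyCertSign" in cert.key_usage):
            errors.append(f"{cert.subject}: not permitted to issue certificates")
    return errors

def demo():
    t = lambda y: datetime(y, 1, 1, tzinfo=timezone.utc)
    root = Cert("Root CA", "Root CA", t(2000), t(2010), True, frozenset({"keyCertSign"}))
    ee = Cert("alice", "Root CA", t(2001), t(2003), False, frozenset({"digitalSignature"}))
    now = t(2002)
    # Both certs satisfy the structural check in either order...
    assert all(structurally_valid(c) for c in (root, ee))
    good = path_errors([root, ee], now)
    # ...but swapping them puts an end-entity cert in the issuer position.
    bad = path_errors([ee, root], now)
    return good, bad
```

Running `demo()` returns an empty error list for the correctly ordered path and three errors for the swapped one, even though nothing about the field types changed.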