
Re: PKIXML session. Was: PKIX WG tentative agenda



Polar Humenn wrote:
On Thu, 7 Dec 2000, Tim Polk wrote:

<snipped>
To be honest, I personally believe that XML is an 
inappropriate encoding format for certificates (public key *or* attribute).

Forgive me, I'm just an academic. So, may I ask, what does the encoding
format really matter? And especially, why is XML "inappropriate" for
certificates?
At the end of the day, the encoding format doesn't really matter. As long as the required data is included in the payload, and all the parties involved can decode and process the message, the desired results will be achieved.

However, there currently is a widely deployed and useful infrastructure for certificates that uses ASN.1, DER and X.509 as the standard way of representing the payload. There are applications and protocols that use this infrastructure such as TLS/SSL, S/MIME and even XMLDSIG that embed these existing formats. There is infrastructure developed and deployed for generating these certificates. There are standard interfaces to devices that provided mechanisms for dealing with X.509 certificates (I'm thinking of PKCS#11).

Why would you want to replace all of these just for the sake of "purity of XML"?

Terry