Re: PKIXML session. Was: PKIX WG tentative agenda
IMHO the main advantage of XML over ASN.1 for any of these PKI
functions, including AC's, is the far greater number of developers who are
fluent in XML as compared to ASN.1 with BER or DER. Speaking as one of the
relatively few who is more fluent in ASN.1 than XML, I know of no other
reason why XML should be preferred for such uses. However, since syntax
difficulty may well have been one of the reasons why SMTP has become widely
adopted while X.400 has not, this is not a trivial reason.
Tom Gindin
thayes@netscape.com (Terry Hayes) on 12/07/2000 02:00:24 PM
To: Polar Humenn <polar@adiron.com>
cc: Tim Polk <tim.polk@nist.gov>, ietf-pkix@imc.org
Subject: Re: PKIXML session. Was: PKIX WG tentative agenda
Polar Humenn wrote:
On Thu, 7 Dec 2000, Tim Polk wrote:
<snipped>
To be honest, I personally believe that XML is an
inappropriate encoding format for certificates (public key *or* attribute).
Forgive me, I'm just an academic. So, may I ask, what does the encoding
format really matter? And especially, why is XML "inappropriate" for
certificates?
At the end of the day, the encoding format doesn't really matter. As long
as the required data is included in the payload, and all the parties
involved can decode and process the message, the desired results will be
achieved.
However, there currently is a widely deployed and useful infrastructure
for certificates that uses ASN.1, DER and X.509 as the standard way of
representing the payload. There are applications and protocols that use
this infrastructure such as TLS/SSL, S/MIME and even XMLDSIG that embed
these existing formats. There is infrastructure developed and deployed for
generating these certificates. There are standard interfaces to devices
that provided mechanisms for dealing with X.509 certificates (I'm thinking
of PKCS#11).
Why would you want to replace all of these just for the sake of "purity of
XML"?
Terry