Re: PKIXML session. Was: PKIX WG tentative agenda
> IMHO the main advantage of XML over ASN.1 for any of these PKI
> functions, including AC's, is the far greater number of developers who are
> fluent in XML as compared to ASN.1 with BER or DER. Speaking as one of the
> relatively few who is more fluent in ASN.1 than XML, I know of no other
> reason why XML should be preferred for such uses. However, since syntax
> difficulty may well have been one of the reasons why SMTP has become widely
> adopted while X.400 has not, this is not a trivial reason.
Tom,
If you have followed my (too) frequent postings on the subject you should know that
there are actually *two* reasons for ACs to use XML. The second reason is the lack
of protocol and CA support for a certificate of the AC type. By using a self-contained
signed object like PKCS #7, or in the XML-world XMLDSIG, the term "attribute certificate"
can be replaced by "signed attribute container" and make the AC replacement belong to
the same league as signed purchase orders etc. And use *identical* PKI support code.
Using schemes like S2ML, the currently missing AC PUSH support is already available without
changing a single bit in the underlying PKI systems, protocols and browsers!
Given these facts, I am willing to bet that PKIX-ACs will be virtually insignificant.
Anyone interested in challenging this???
Anders