Subject Re: draft charge, refeds working group on attribute release
From David Chadwick <d.w.chadwick@xxxxxxxxxx>
Date Fri, 01 Jul 2011 22:57:45 +0100

True. I have a wonderful paper by Peter Gutman who said he tried to persuade the XML dig sig people to implement a simple solution that could be rolled out instantly, but he was ignored. Basically he said you only need two new XML elements <SMIME> and <PGP> whose contents are the base64 encoded outputs from the existing dig sig code bases already widely implemented. And then you instantly have signatures to append to XML data structures without requiring any new code. Already supported by browsers, email clients etc.

On 01/07/2011 21:20, Leif Johansson wrote:
Hash: SHA1

On 07/01/2011 10:01 PM, David Chadwick wrote:
But once they have added all the crypto to JSON it wont be any simpler
than XML, which is what they are trying to get away from.

I'm not so sure. The current JWT specs do away with normalization which
many claim to be the source of evil in xml-dsig.

	Cheers Leif
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -



David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page:
Research Web site:
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5