Refeds


Subject Re: draft charge, refeds working group on attribute release
From David Chadwick <d.w.chadwick@xxxxxxxxxx>
Date Fri, 01 Jul 2011 22:57:45 +0100

True. I have a wonderful paper by Peter Gutman who said he tried to persuade the XML dig sig people to implement a simple solution that could be rolled out instantly, but he was ignored. Basically he said you only need two new XML elements <SMIME> and <PGP> whose contents are the base64 encoded outputs from the existing dig sig code bases already widely implemented. And then you instantly have signatures to append to XML data structures without requiring any new code. Already supported by browsers, email clients etc.
regards
David

On 01/07/2011 21:20, Leif Johansson wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/01/2011 10:01 PM, David Chadwick wrote:
But once they have added all the crypto to JSON it wont be any simpler
than XML, which is what they are trying to get away from.


I'm not so sure. The current JWT specs do away with normalization which
many claim to be the source of evil in xml-dsig.

	Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4OLBkACgkQ8Jx8FtbMZneQmgCeIhmGyzF+UHM+ZhLuJu1wpILM
am8An0YfndfmyP67xEAEG3x1s/9vMV8M
=K8hf
-----END PGP SIGNATURE-----


--

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************