[Security] Re: e2e feedback

Peter Saint-Andre stpeter at jabber.org
Fri Mar 16 17:18:45 CDT 2007


Matthias Wimmer wrote:

> But still I keep saying that the protocol we are looking for is XML
> Signature and XML Encryption, that have been defined by the W3C.
> http://www.w3.org/Signature/
> http://www.w3.org/Encryption/2001/
> This are standards specially made to sign and encrypt XML data, so it is
> exactly what we need. And even while I asked on the standards JID, nobody
> could yet tell me, what would be a problem with this standards. 

FWIW, Peter Guttmann has some piquant things to say about xmlenc/xmldsig 
here:

http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt

Though he also thinks that RFC 3923 was a great idea, so YMMV...

/psa

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7358 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20070316/c5f06847/smime.bin


More information about the Security mailing list