PGP for official documents / eIDAS and ZertES
Werner Koch
wk at gnupg.org
Fri Jun 2 21:39:51 CEST 2017
On Wed, 31 May 2017 19:34, ankostis at gmail.com said:
> More detailed, from the three standards supported, only the last one,
> XML-sig, supports PGP: https://www.w3.org/TR/xmldsig-core/#sec-PGPData
That looks pretty much like a re-specification of PKCS#15 which also has
provisions for PGP and SPKI. However, I have never seen an
implementation of that and the whole spec is heavily underspecified to
actually implement something based on this. PKCS#15 at least tried to
unify existing protocols for tokens.
| >>I have some questions related to XML-Dsig:
| >
| >Argghh!! Run away!
|
| A near-universal reaction.
XML crypto can be summarized as
we-repeat-all-bugs-the-other-two-protocols-meanwhile-fixed-and-add-extra-complexity-for-even-more-fun
See also <https://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>
If someone really likes that stuff and wants to give it a try, I would
suggest to write it along the lines of GnuPG's gpgsm tool so that it has
a similar external interface. Adding this tool to GPGME would then be
the simple part.
SCNR,
Werner
ps. I already have my share of grey hair from implementing X.509/CMS.
There is not enough left for an XML crypto endeavor.
--
Thoughts are free. Exceptions are regulated by a federal law.