PGP for official documents / eIDAS and ZertES
Ben McGinnes
ben at adversary.org
Fri Jun 2 22:37:32 CEST 2017
On Fri, Jun 02, 2017 at 09:39:51PM +0200, Werner Koch wrote:
> On Wed, 31 May 2017 19:34, ankostis at gmail.com said:
>
> | >>I have some questions related to XML-Dsig:
> | >
> | >Argghh!! Run away!
> |
> | A near-universal reaction.
>
> XML crypto can be summarized as
> we-repeat-all-bugs-the-other-two-protocols-meanwhile-fixed-and-add-extra-complexity-for-even-more-fun
> See also <https://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>
I like XML, it's very good at what it was originally intended for. I
like crypto, and specifically OpenPGP, too and for much the same
reasons ...
I am *not*, however, crazy enough to even consider attempting this.
That way lies only madness and ruin. Or, to put it another way, I
listened to Peter the first time around. ;)
> ps. I already have my share of grey hair from implementing X.509/CMS.
> There is not enough left for an XML crypto endeavor.
Mine's not expendable either and I didn't need to go anywhere near
X.509 to know that.
The closest anyone should get to that sort of thing is "I have foo.xml
and I've signed it, I now also have foo.xml.sig" and that's it.
Regards,
Ben
P.S. You heard me say "no" right? Just checking ...