PGP for official documents / eIDAS and ZertES

ankostis ankostis at gmail.com
Tue Oct 10 10:40:38 CEST 2017


But it doesn't have to be XML!
Besides ETSI, the european organization implementing eIDAS has 3 "standards"
(e.g. [1]):
XADES(XML), PADES (pdf), CADES - the last one doubting if it has any modern use.

Why not push them for a new PGPADES standard?

Best,
  Kostis

[1] https://blogs.adobe.com/security/91014620_eusig_wp_ue.pdf

On 2 June 2017 at 22:37, Ben McGinnes <ben at adversary.org> wrote:
> On Fri, Jun 02, 2017 at 09:39:51PM +0200, Werner Koch wrote:
>> On Wed, 31 May 2017 19:34, ankostis at gmail.com said:
>>
>> |  >>I have some questions related to XML-Dsig:
>> |  >
>> |  >Argghh!! Run away!
>> |
>> |  A near-universal reaction.
>>
>> XML crypto can be summarized as
>> we-repeat-all-bugs-the-other-two-protocols-meanwhile-fixed-and-add-extra-complexity-for-even-more-fun
>> See also <https://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt>
>
> I like XML, it's very good at what it was originally intended for.  I
> like crypto, and specifically OpenPGP, too and for much the same
> reasons ...
>
> I am *not*, however, crazy enough to to even consider attempting this.
> That way lies only madness and ruin.  Or, to put it another way, I
> listened to Peter the first time around.  ;)
>
>> ps. I already have my share of grey hair from implementing X.509/CMS.
>>     There is not enough left for an XML crypto endeavor.
>
> Mine's not expendable either and I didn't need to go anywhere near
> X.509 to know that.
>
> The closest anyone should get to that sort of thing is "I have foo.xml
> and I've signed it, I now also have foo.xml.sig" and that's it.
>
>
> Regards,
> Ben
>
> P.S.  You heard me say "no" right?  Just checking ...



More information about the Gnupg-users mailing list