It was somewhat surprising to hear that the
DoD and NSA have selected ECC (and thus also
ECDSA) as the RECOMMENDED asymmetric crypto-system, because XML ECC signatures are to date only covered by
an informational RFC which explicitly states that
it does not represent any kind of
standard:
Maybe the conclusion to be drawn is that XML
signatures SHOULD NOT be used? Given
the fact that practically every WS* security-related
standard builds on XML signatures, this indicates a certain mismatch between those recommendations and the rest of the IT world.
If anybody has a sample of an RFC 4050-compatible
signature, I would be pleased to get a copy of it for educational
purposes.
Anders Rundgren