W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [widget-digsig] Pls review: Additional considerations on elliptic curve algorithms to consider

From: Marcos Caceres <marcosc@opera.com>
Date: Thu, 23 Apr 2009 09:53:28 +0200
Message-ID: <b21a10670904230053k28e7e5afxa1a1bf4b80666be2@mail.gmail.com>
To: "Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Web Applications Working Group WG <public-webapps@w3.org>, "Babbage, Steve, VF-Group" <Steve.Babbage@vodafone.com>
On Thu, Apr 23, 2009 at 9:31 AM, Priestley, Mark, VF-Group
<Mark.Priestley@vodafone.com> wrote:
> Hi Frederick, All,
>
> Vodafone supports the move to support ECDSA in XML Signature 1.1 [2] and
> welcomes the new clarifying text. Vodafone will not object to
> ECDSAwithSHA256 being specified as mandatory [2] however we would like
> to propose that it is a recommended algorithm in Widgets 1.0: Digital
> Signatures [5] (e.g. a SHOULD).

Sorry, it doesn't make sense to have them as a "should" in this
context. Either they are in or out because in practice engines will
need to support all prescribed algorithms. Lets keep to the smallest
possible subset of most commonly used algorithms in 1.0; every
algorithm we add makes this specification more difficult/expensive to
implement, adds more points of failure, etc. If the market shifts to
new algorithms, then we can add those later in a new draft.

Kind regards,
Marcos
-- 
Marcos Caceres
http://datadriven.com.au
Received on Thursday, 23 April 2009 07:54:22 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT