W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2009

[widget-digsig] proposed change to 7.1, common constraints, for algorithms

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Wed, 18 Mar 2009 16:34:28 -0400
Message-Id: <E91D325C-6DFC-47F9-BFA6-A88FEC8235AD@nokia.com>
To: WebApps WG <public-webapps@w3.org>
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, Mark Priestley <Mark.Priestley@vodafone.com>, Marcos Caceres <marcosscaceres@gmail.com>
Mark

One issue you raised was that we have MUSTS on algorithms in the  
processing rules in section 7.1, but allow other algorithms in the  
algorithm section with MAY.

After our previous email exchange, I suggest the following changes to  
section 7.1 in Widget Signature [1] to address this concern:

(1) Change item 3b from

The Algorithm attribute of the ds:digestMethod MUST be set to a digest  
algorithm specified in the Algorithms section of this document.

to

The Algorithm attribute of the ds:digestMethod MUST comply with the  
digest algorithm requirements specified in the Algorithms section of  
this document.

(2) Change 5a from

The Algorithm attribute of the ds:CanonicalizationMethod element MUST  
be set to a Canonicalization method specified in the Algorithms  
section of this document.

to

The Algorithm attribute of the ds:CanonicalizationMethod element MUST  
comply with the Canonicalization method algorithm requirements  
specified in the Algorithms section of this document.


(3) Change 5b from

The ds:SignatureValue element MUST contain a signature generated using  
a Signature method specified in the Algorithms section of this  
document and MUST use a key that is of the length of arecommended key  
length.

to

The Signature method algorithm used in the ds:SignatureValue element  
MUST  comply with Signature method algorithm requirements in the  
Algorithms section of this document. The Signature  MUST be produced  
using a key of the recommended key length


Does this change make sense? Do you have any suggestion or comment?

Thanks for the careful review of the draft.

regards, Frederick

Frederick Hirsch
Nokia

[1] http://dev.w3.org/2006/waf/widgets-digsig/

> [mp] While this is better I think it misses the fact that we are
> strongly recommending the use of certain algorithms. I still like the
> idea of including authoring (signing) guidelines/recommendations, ie  
> you
> can sign your widget using any signature algorithm but if you want  
> it to
> work across all W3C widget user agents use algorithm X. Same sort of
> thing for digest algorithm and key length. What do you think?
Received on Wednesday, 18 March 2009 20:36:03 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:30 GMT