W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 14 Dec 2011 19:21:49 +0000
To: <marcosscaceres@gmail.com>
CC: <Frederick.Hirsch@nokia.com>, <plh@w3.org>, <Art.Barstow@nokia.com>, <tlr@w3.org>, <schepers@w3.org>, <rigo@w3.org>, <public-webapps@w3.org>, <public-xmlsec@w3.org>
Message-ID: <2015D418-3FC4-4F3C-BF80-81BCE92295B0@nokia.com>
this seems logical, in that any outcome for ECC (ranging from continued inclusion to removal) would have no impact on widget signature given this  lack of specific dependency.

regards, Frederick

Frederick Hirsch
Nokia



On Dec 14, 2011, at 2:12 PM, ext Marcos Caceres wrote:

> 
> 
> On Tuesday, December 13, 2011 at 9:14 PM, Philippe Le Hegaret wrote:
> 
>> On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
>> 
>> An other one was for the Director to decide to move the document forward
>> anyway because W-DigSig doesn't depend on ECC.
>> 
>> Thomas, any suggestion?
>> 
> 
> I personally think this is the route of least pain. Widgets Dig Sig just says to do whatever XML Dig Sigs says to do, and it has no explicit dependency on ECC. Furthermore, no widget engine supports ECC to my knowledge and no content has been signed with ECC to my knowledge. Using ECC is certainly not something that is explicitly recommended in Widgets Dig Sig: 
> 
> [[
> The recommended signature algorithm is RSA using the RSAwithSHA256 signature identifier: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
> The recommended key lengths are: 4096 bits for RSA.
> The recommended digest method is SHA-256.
> The recommended canonicalization algorithm is Canonical XML Version 1.1 (omits comments). 
> The recommended certificate format is X.509 version 3 as specified in [RFC5280]. 
> ]]
> 
> 
> 
Received on Wednesday, 14 December 2011 19:22:30 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:49 GMT