Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Sat, 17 Dec 2011 06:49:01 +0000
Message-ID: <CAL1nonKn6ELgB3hgZwr5VLdXWJqhDPpGJYtV544KcAXh+4th-Q@mail.gmail.com>
To: Marcos Caceres <w3c@marcosc.com>
Cc: Rigo Wenning <rigo@w3.org>, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "Art.Barstow@nokia.com" <Art.Barstow@nokia.com>, "tlr@w3.org" <tlr@w3.org>, "schepers@w3.org" <schepers@w3.org>, "plh@w3.org" <plh@w3.org>, "public-webapps@w3.org" <public-webapps@w3.org>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>

I think I have a better solution...

1. Widgets points to the unversioned: http://www.w3.org/TR/xmldsig-core/
2. When the XML Dig Sig PAG finishes and the spec goes to Rec, XML Dig Sig 1.X (and
future versions) gets put at http://www.w3.org/TR/xmldsig-core/
3. Done.

That way widgets always just depend on latest and greatest version of XML
dig sig and are not locked into 1.1 (I just finished slamming the XHTML
guys for locking into XML 4ed, so it would be ironic/moronic for me to then
do the same with widget's dependency on XML Dig Sig 1.1 - so I simply won't
do that).

I think that solves the problem much more elegantly both for widgets, and
for everyone else waiting for the PAG to progress. What is needed from the
XML Security Group is assurance that all future Recs of XML Dig Sig will be
published at http://www.w3.org/TR/xmldsig-core/ (or
http://www.w3.org/TR/xmldsig-latest/ if you don't want to obsolete 1.0 with
1.1 - though that would be confusing given that 1.1 fixes 1.0 hence making
1.0 obsolete).

Unicode, SVG, and WHATWG HTML use this model effectively already, so it
would be good if XML dig sigs did the same. It solves the problem now and
for all future versions without need to wait on the resolution of the
PAG... And it automatically benefits once the PAG sorts itself out. Simple
and beautiful! :)

Kind regards,

On Thursday, December 15, 2011, Marcos Caceres <w3c@marcosc.com> wrote:
> On Wednesday, December 14, 2011 at 10:31 PM, Marcos Caceres wrote:
>> On Wednesday, 14 December 2011 at 21:06, Rigo Wenning wrote:
>> > Hi all,
>> >
>> > as the PAG chair of this XMLSEC PAG, let me tell you that support from
>> > industry in sorting this out was low so far. What I heard through the
>> > grapevine was more or less: "We know, but we can't tell you".
>> >
>> > For the moment, W3C is asking for cost estimates to figure out what most of
>> > the members already know (as they have done the analysis on ECC long
>> > Taking into account the complexity of the subject matter and also the
>> > due to messaging to the AC etc, I'm rather pessimistic about a quick
>> > resolution.
>> That's fine. That just makes for a stronger case to put to the Director
>> (or for doing what Artb suggested, and moving the ECC to a future version
>> of XML Dig Sig).
> FYI, document is ready to be published as REC:
>  http://dev.w3.org/2006/waf/widgets-digsig/
> --
> Marcos Caceres
Received on Saturday, 17 December 2011 06:49:47 UTC