RE: Initial thoughts on chartering from Anthony Nadalin on 2007-10-29 (public-xmlsec-maintwg@w3.org from October 2007)

From: Anthony Nadalin <drsecure@us.ibm.com>
Date: Mon, 29 Oct 2007 10:59:19 -0500
To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Cc: public-xmlsec-maintwg@w3.org, public-xmlsec-maintwg-request@w3.org, "Thomas Roessler" <tlr@w3.org>
Message-ID: <OF0C097EF3.926E605A-ON86257383.0057A727-86257383.0057D45F@us.ibm.com>

So I think there are cases where C14N is not needed at all (as you point
out) and there are cases where we can limit this to the sender and
eliminate from the receiver. So I would like to see these topics on the
charter discussions.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122


|------------>
| From:      |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |"Hallam-Baker, Phillip" <pbaker@verisign.com>                                                                                             |
  >------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To:        |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |Anthony Nadalin/Austin/IBM@IBMUS, "Thomas Roessler" <tlr@w3.org>                                                                          |
  >------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Cc:        |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |<public-xmlsec-maintwg@w3.org>, <public-xmlsec-maintwg-request@w3.org>                                                                    |
  >------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date:      |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |10/29/2007 10:34 AM                                                                                                                       |
  >------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject:   |
|------------>
  >------------------------------------------------------------------------------------------------------------------------------------------|
  |RE: Initial thoughts on chartering                                                                                                        |
  >------------------------------------------------------------------------------------------------------------------------------------------|





How little canonicalization do you want to do?

If we have a signature that is a referenced document that just happens to
be XML encoded there is absolutely no need for c14n.

If we have a signature that is wrapped around the signed object the process
is slightly trickier, if the signature is inside the signed object its
harder still.

I certainly agree that there are many cases where c14n is unnecessary. I
suspect however that to make it work well in the last two cases we will
have to specify the enveloping mechanism more tightly than we do with XSL
transformations. and the like.

From: public-xmlsec-maintwg-request@w3.org on behalf of Anthony Nadalin
Sent: Mon 29/10/2007 9:36 AM
To: Thomas Roessler
Cc: public-xmlsec-maintwg@w3.org; public-xmlsec-maintwg-request@w3.org
Subject: Re: Initial thoughts on chartering



So one item missing from list is ways not to have to use C14N (of any type)

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

Inactive hide details for Thomas Roessler ---10/29/2007 08:21:24 AM---As a
reminder, some initial thoughts on chartering of folThomas Roessler
---10/29/2007 08:21:24 AM---As a reminder, some initial thoughts on
chartering of follow-up work
                                                                           
                                                                           
 From:                      Thomas Roessler <tlr@w3.org>                   
                                                                           
                                                                           
 To:                        public-xmlsec-maintwg@w3.org                   
                                                                           
                                                                           
 Date:                      10/29/2007 08:21 AM                            
                                                                           
                                                                           
 Subject:                   Initial thoughts on chartering                 
                                                                           






As a reminder, some initial thoughts on chartering of follow-up work
are here:

 http://www.w3.org/2007/xmlsec/wiki/charter

This is mostly an initial list of tasks.  It would be useful to have
this reviewed in time for the call tomorrow, as this document is on
the agenda for it.

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>

(See attached file: graycol.gif)(See attached file: ecblank.gif)

Attachments

image/gif attachment: graycol.gif
image/gif attachment: ecblank.gif
image/gif attachment: 03-graycol.gif
image/gif attachment: 04-ecblank.gif

Received on Monday, 29 October 2007 16:02:00 UTC