W3C home > Mailing lists > Public > public-xmlsec@w3.org > July 2008

Re: Changing Signature algorithm implementation requirements

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Wed, 23 Jul 2008 13:02:51 -0400
To: Frederick Hirsch <frederick.hirsch@nokia.com>
Cc: public-xmlsec@w3.org
Message-id: <4887643B.7010002@sun.com>

I'm concerned about relaxing algorithm requirements as this can affect 
compatibility. This means existing signatures using DSA or C14N 1.0 may 
not be capable of being validated with newer implementations that don't 
have to support these algorithms. I think once an algorithm is required, 
we should support that going forward unless there is a very good reason 
not to.

--Sean

Frederick Hirsch wrote:
> 
> XML Signature (1st and 2nd editions) have a list of mandatory and 
> recommended algorithms in the implementation requirements section.
> 
> http://www.w3.org/TR/2008/PER-xmldsig-core-20080326/#sec-AlgID
> 
> I'd like us to discuss whether we should change this list going forward 
> as follows (independent of other more significant changes for now):
> 
> 1.  Signature:
> Change DSAwithSHA1 (DSS) from Required to Recommended
> Change RSAwithSHA1 from Recommended to Required
> 
> Given the change in RSAwithSHA1 licensing status this change might 
> better reflect implementations.
> 
> 2. Canonicalization:
> 
> Change  Canonical XML 1.0(omits comments) from Required to Deprecated
> Change  Canonical XML 1.0 with  comments) from Recommended to Deprecated
> 
> Given the issues with xml:id and xml:base, we may want to discourage use 
> of Canonical XML 1.0 in the future.
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> 
> 
> 
Received on Wednesday, 23 July 2008 17:03:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:54 GMT