W3C home > Mailing lists > Public > public-xmlsec@w3.org > September 2008

Seeking feedback regarding Widgets Digital Signatures spec

From: Arthur Barstow <art.barstow@nokia.com>
Date: Fri, 26 Sep 2008 08:58:30 -0400
Message-Id: <E8E532B4-5251-4297-9A90-7F9121C5DDE1@nokia.com>
Cc: public-webapps <public-webapps@w3.org>
To: public-xmlsec@w3.org

Frederick, All,

As you may know, the Web Applications WG [WebApps] is working on a  
Digital Signature specification for "Widgets" (see [Widgets] for a  
definition of Widget in this context).

The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
latest Editor's Draft is available at [DigSig-ED].

Anyhow, during our August f2f meeting, we discussed what we call  
Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets  
digital signatures?" [Issue-22]. At then end of this discussion  
[Issue-22-Discuss] I agreed to the following action:

[[
Ask the XML Sec WG "what algorithm do you recommend we use and what  
identifier should we use for it?
]]

Our questions are:

1. What (if any) issues do you foresee if we require support for  
SHA-256 (rather than SHA-1)?

2. What algorithm should we use?

3. What identifier should we use for the algorithm?

-Regards, Art Barstow
Co-Chair of the WebApps WG

[WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
[Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
[DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
[DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
[Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
[Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam- 
minutes.html#item07>
Received on Friday, 26 September 2008 13:03:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:55 GMT