W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

Re: proposed editor's note on mandatory to implement algorithms (ACTION-214)

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 18 Feb 2009 00:41:33 +0100
To: Frederick Hirsch <frederick.hirsch@nokia.com>
Message-Id: <667BE4A3-F815-4146-B564-602718DFB814@w3.org>
Cc: Rob Miller <rdmiller@mitre.org>, Brian LaMacchia <bal@exchange.microsoft.com>, Chris Solc <csolc@adobe.com>, Kenneth M Graf <kenneth.m.graf@intel.com>, XMLSec WG Public List <public-xmlsec@w3.org>
On 18 Feb 2009, at 00:37, Frederick Hirsch wrote:

> I suggest the following change to your proposed editors note:
>
> (a) Change "Positions of Working Group members include:" to
> "Positions of some Working Group members against the currently  
> expressed mandatory algorithms include:"

Fine with me; however, in that case, (2) would move into a separate  
section "in favor".

>
> (b) For #2 suggest changing
> "both for hash and public-key algorithms." to "both for hash and  
> public-key algorithms, in the event one is proven insecure, to  
> enable a quick change to an alternative."
>
> (c) in #2 Remove ", which is, e.g., not the case for RSA."
>
> (d) change #3 to:
>
> 3. There should be recommended algorithms, but no mandatory to
> implement algorithms.  The rationale is that this gives greater  
> flexibility to deployments.

works for me; I'd like to hear Ken's take.

> (Other WG members argued against this since it could harm  
> interoperability not having mandatory algorithms.)

We're not descending into the back-and-forth about the other  
arguments, either, so I'd rather leave this out.  (In particular since  
I suspect that the counter-argument -- and the counter-counter- 
argument -- are well understood by much of the audience.)
Received on Tuesday, 17 February 2009 23:45:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT