W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2011

Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?

From: <Frederick.Hirsch@nokia.com>
Date: Thu, 29 Dec 2011 14:11:05 +0000
To: <Art.Barstow@nokia.com>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>, <tlr@w3.org>, <public-webevents@w3.org>, <w3c@marcosc.com>, <public-webapps@w3.org>, <rigo@w3.org>
Message-ID: <3AA9CB85-E1A4-4454-A5B4-19286619FFB4@nokia.com>
As I said before, this action is premature and we should let the PAG conclude (or at least wait for a status report) - the W3C Team may have more to say, but if this is on the order of weeks I do not think making work here to have apparent progress is useful. I have not seen a definitive statement from the ECC PAG chair.

Did you read the message from Brian LaMacchia? If not, please read it, as it provides additional argument against this proposed change.

I am against revising XML Signature 1.1 until I understand the actual PAG status and until we have XML Security WG agreement. This endless email debate is not helpful and I'm not sure I understand the urgency related to widgets apart from a desire to mark it as complete.

regards, Frederick

Frederick Hirsch
Nokia



On Dec 21, 2011, at 9:35 AM, Arthur Barstow wrote:

> TLR, FH, XMLSecWG,
> 
> On 12/21/11 6:03 AM, ext Marcos Caceres wrote:
>>  Lets go back an look at the options we have  to divorce Widgets/XML Dig Sig from Elliptic Curve:
>> 
>>   1. Remove ECC from XML Dig Sig (in my opinion, "the right thing to do"):
>> 
>>   pros:
>>      - frees both XML Dig Sig and Widgets Dig Sig to progress to REC at full speed.
>>      - begins a pattern of divorcing signature algorithms from processing (a good thing, which avoids this kind of mess!)
>> 
>>   cons:
>>      - new small spec needed
>>      - XML Dig Sig missing an important algorithm.
> 
> Based on a quick scan of the XMLSec WG's mail archive [2], it appears that WG has known about potential IP issues related to Certicom/RIM and ECC for almost 3 years. As such, surely the WG has already discussed refactoring the XMLSig spec in a way like Marcos and I proposed.
> 
> Would you please explain why the WG objects to such refactoring (or provide a link(s) to the related discussion)?
> 
> As an FYI for the XMLSec WG members, note that another widget spec was blocked for two years because of a PAG [1] so it's quite understandable that having widgets-digsig blocked by YA PAG creates concerns for some WG members, especially given the ECC PAG Chair's "pessimistic" view [3] of a "quick" PAG resolution.
> 
> -Thanks, AB
> 
> [1] http://www.w3.org/2009/11/widgets-pag/pagreport.html
> [2] http://www.w3.org/Search/Mail/Public/search?keywords=&hdr-1-name=subject&hdr-1-query=certicom&index-grp=Public_FULL&index-type=t&type-index=public-xmlsec
> [3] http://lists.w3.org/Archives/Public/public-webapps/2011OctDec/1540.html
> 
> 
Received on Thursday, 29 December 2011 14:11:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 29 December 2011 14:11:44 GMT