W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

Re: Understanding what Signed XML is used for - Was: Re: importi

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 29 Jul 1999 11:24:32 -0400
Message-Id: <3.0.5.32.19990729112432.00a209e0@localhost>
To: "tog" <todd.glassey@www.meridianus.com>
Cc: "Richard Himes" <rhimes@nmcourt.fed.us>, "tog" <todd.glassey@www.meridianus.com>, <w3c-ietf-xmldsig@w3.org>
At 07:54 AM 7/29/99 -0700, tog wrote:
 >To do this we need to address the timestamping, signature, and timebase
 >services models so that the system, has a credible proofing system inherent
 >with its design. 

Agreed, to do that, yes. However, you still have to complete the core
signature syntax before you work on trust applications. Two design
principles are in operation here that I spoke of at the W3C workshop:
        1. Muddying the water doesn't help you get to the bottom any faster.
        2. Punting promotes design generality.

All of those things that you spoke of are difficult problems even if you
think they can be solved trivially by adding an attribute in the sig-block,
there are many many ways to do them incorrectly. [1]

[1] http://www.w3.org/Signature/Drafts/xml-dsig-design-resources-990723.html
_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/
Received on Thursday, 29 July 1999 11:24:30 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT