W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

Re: Understanding what Signed XML is used for - Was: Re: importi

From: tog <todd.glassey@www.meridianus.com>
Date: Fri, 30 Jul 1999 09:04:59 -0700
Message-ID: <00c701bedaa5$48ad5290$0b0aff0c@lab.gmtsw.com>
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: "Richard Himes" <rhimes@nmcourt.fed.us>, <w3c-ietf-xmldsig@w3.org>
Joseph,
----- Original Message -----
From: Joseph M. Reagle Jr. <reagle@w3.org>
To: tog <todd.glassey@www.meridianus.com>

>
> Agreed, to do that, yes. However, you still have to complete the core
> signature syntax before you work on trust applications. Two design
> principles are in operation here that I spoke of at the W3C workshop:
>
>         1. Muddying the water doesn't help you get to the bottom any
faster.

Yes, but knowing the totality of the use models tells you how deep the water
potentially is, and right now we don't know this.

>         2. Punting promotes design generality.

What do you mean by "Punting"

>
> All of those things that you spoke of are difficult problems even if you
> think they can be solved trivially by adding an attribute in the
sig-block,
> there are many many ways to do them incorrectly. [1]

And this is ecactly why in the PKI world the "use model" (Applicability
Statements) are so powerful. becuase if we don't set the scope of the
usefull envelope of our technologies, the implementors may (read as "will")
try to do stuff that is inherently broke and we wind up looking like fools
then for not telling them they couldn't do "XY and Z" without "A" too.


Todd
Received on Friday, 30 July 1999 11:50:56 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT