W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

Re: comments on 990806 Requirements Doc

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 17 Aug 1999 16:08:45 -0400
Message-Id: <3.0.5.32.19990817160845.009a3dd0@localhost>
To: dee3@us.ibm.com
Cc: "Richard D. Brown" <rdbrown@Globeset.com>, "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, "John Boyer" <jboyer@uwi.com>
[Comments to an email from  Don, that hasn't yet made it to the list.]

At 13:21 99/08/17 -0400, dee3@us.ibm.com wrote:
 >2.2:  Suggest changing "The manifest includes..." to "The manifest must
 >support..." so as to permit other types of manifest.

Manifests that don't use URIs? If so, what would be the example?

 >3.1.2: Assumes the manifest of locators model.  Perhaps simply changing
 >"XML-signatures apply ..." to "XML-signatures may apply..." would give the
 >flexibility needed to accodate other models.

What other models are we speaking of?

 >3.1.2.1, 3.1.2.2, 3.1.2.3: I don't understand why these points are at the
fourth
 >level.  S

Ok, they've been promoted.

 >3.1.3 & 3.3.1: Suggest replacing "negotiation" with "calculation".  I
believe
 >this refers to Diffie-Hellman and I think calculation is more accurate than
 >negotiation.  Might even want to change 3.1.3 to be "...calculation of
keying
 >material such as Diffie-Hellman agreement."

Done. Richard if you object, say so.

 >3.2.1: Suggest simply replacing "document" with "element" and dropping the
boxed
 >comment.

Now reads, "An XML-signature must be a well-balanced XML region (as defined
by XML-Fragment) that begins and ends with a signature element. [Charter]"

 >3.2.2: Suggest replacing "required" with "mandatory to implement".

ok.

 >3.3.3: I think behaviour in this case is application dependent.  It would
be
 >good for applications to at least notice conflicts and be able to report
them.
 
Are you agreeing with the comment? Could you restate the requirement or
comment?

 >Boxed comment at the end of 3.4: I don't see that packaging is that
dependent on
 >trust/semantic definitions.  Since there are fragment and package WGs, why
isn't
 >coordination with them adequate?

(At 4.2. Package might start next year, and Boyer doesn't think the fragment
work is sufficient, so I'm flagging these as particularly salient
dependencies.



_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/
Received on Tuesday, 17 August 1999 16:08:57 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT