W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: The XML-DSig Non-standard, or Location/Transforms as 'hints'

From: John Boyer <jboyer@uwi.com>
Date: Sat, 20 Nov 1999 12:23:26 -0800
To: "Peter Lipp" <Peter.Lipp@iaik.at>, <w3c-ietf-xmldsig@w3.org>
Hi Peter,

Actually, the whole debate is about whether location should be a hint or
whether location should be a <emph> properly </emph> used URL.  The latter
is hurt by the former.  

Core code must either treat location as a proper URL or core code must call
back into application code to resolve location if it is only a 'hint' as to
how to obtain the bag of bits that were signed.

I favor the idea that we either treat location as a proper URL (which means
that some apps need to omit it from SignedInfo), or that we recognize that
core behavior shouldn't be trying to dig up the bits because it can't and
strip out the notion of trying to go to externally located resources.  In
truth, I favor the latter quite a bit, which is a point that I think we
agree on.

I sent a simplified syntax proposal to the list a short while ago.  When it
shows up, I would really appreciate it if you would take the time to have a
look at it and start some serious dialog on whether the WG should move in
this direction.  To be honest, the proposal relies heavily on what we
already have.  It only says to push to the Manifest  those things that it is
becoming increasingly clear should be pushed to the application.  Thus, a
fair bit of the spec we have would remain the same.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

> 			>Still, location as a hint does not hurt here and
> the only real fix I see is to properly use URL's.
> 			>>Yes, one real fix is to use URLs, which is what
> we're saying should be done.
> 			I'd like to rephrase my sentence:
> 			Still, location as a hint does not hurt here and the
> only real fix I see is to <emph> properly </emph> use URL's if they are
> used as a real location.
> 			>Another real fix would be to completely abandon the
> idea that core behavior should have anything to do with externally located
> resources.
> 			Yes, I think that's something I would support.
> 			Peter

Received on Saturday, 20 November 1999 15:24:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC