W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Closing (again) Issue on 6.1 SignatureMethod

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 20 Jun 2000 15:23:22 -0400
Message-Id: <3.0.5.32.20000620152322.00944910@localhost>
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
After further conversation regarding section 6.1, I think the following is
the best representation of the WG intent (basically, the document is
unchanged):

1. The document will continue to state, "This specification defines a set of
algorithms, their URIs, and requirements for implementation. Requirements
are specified over implementation, not over requirements for signature use."
We'll continue to rely upon the text in 8.4 [1] to warn Signature users of
the potential hazards of other algorithms, "Even more care may be warranted
with application defined algorithms."
2. There's no proposal nor agreement to change the definitions or dataytpes
of SignatureValue, SignatureProperty, or KeyInfo.
3. To answer the thread on hash algorithms as signature algorithms, the
natural language definition of Signature requires a key to be associated
with the content, consequently a simple hash SignatureMethod is an incorrect
reading of the specification. Enforcement of this requirement falls to the
users of the Signature applications (like all the issues in section 8 [2]).

[1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000AprJun/0268.html
[2] http://www.w3.org/TR/2000/WD-xmldsig-core-20000601/#sec-Security

_________________________________________________________
Joseph Reagle Jr.   
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Tuesday, 20 June 2000 15:23:56 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT