- From: Tom Gindin <tgindin@us.ibm.com>
- Date: Fri, 20 Apr 2001 08:16:37 -0400
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: <w3c-ietf-xmldsig@w3.org>
The main advantage fixed URI's do have over OID's as algorithm
descriptors from a developer's standpoint is, after all, that you can look
at the URI and make a claim like "If there's online information on this
algorithm, it or a link to it should be in this place". By comparison,
chasing down the definition for a given OID may not be quick, automated, or
cheap.
If a URI is not dereferenceable, its usefulness is much closer to that
an OID, except that it's somewhat larger. The domain name may give you a
contact without manually going through intermediate assignment authorities,
but that's all.
Tom Gindin
"Donald E. Eastlake 3rd" <dee3@torque.pothole.com> on 04/19/2001 10:52:07
PM
To: Tom Gindin/Watson/IBM@IBMUS
cc: <w3c-ietf-xmldsig@w3.org>
Subject: Re: additional XMLDSIG URIs
I didn't claim there weren't any tables of OIDs in the world. But it
is fundamentally different from domain names whose intent in to be
indexes into an on-line distributed data bases and where it is an
error for the corresponding node not to be automatically locatable.
Donald
From: "Tom Gindin" <tgindin@us.ibm.com>
Importance: Normal
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: "Brian LaMacchia" <bal@microsoft.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID:
<OF80F0095A.3C0205C4-ON85256A33.004CE750@somers.hqregion.ibm.com>
Date: Thu, 19 Apr 2001 10:10:35 -0400
>"Donald E. Eastlake 3rd" <dee3@torque.pothole.com>@w3.org on 04/19/2001
>09:12:45 AM
>
>Sent by: w3c-ietf-xmldsig-request@w3.org
>
>
>To: "Brian LaMacchia" <bal@microsoft.com>
>cc: <w3c-ietf-xmldsig@w3.org>, <lde008@dms.isg.mot.com>
>Subject: Re: additional XMLDSIG URIs
>(snip)
>My draft doesn't prohibit there being anything at the URL's. These
>additional URIs are, at this instant, not part of the W3C standard or
>otherwise in the orbit of the W3C. The XMDLSIG standard permits
>algorithms defined by other orgnanizations, such as these, and does
>not require them to be dereferencable. Do you want to change the
>XMLDSIG standard to require dereferencability?
>
>But I still don't understand why you assume the suggested URIs would
>not be dereferencable. In fact, I would think that the IETF would be
>more stable and better able to keep material there than you typical
>current dot.com. Furthermore, I can't understand why you say they
>would be like OIDs. There is no global database or protocol system
>associated with OIDs that I am aware of. Domain names and URIs are
>inherently different in having a global database, which usually
>contains physical address pointers, and a system of protocols
>associated with them.
>
>[TG] The closest thing I know of to a global database currently existing
>for OID's is Harald Alvestrand's volunteer effort at
>http://www.alvestrand.no/objectid/. It is far from comprehensive, but
>individuals who have assigned new OID's for their organizations may submit
>the definitions there. ITU's X.660 standard does not mandate any form of
>publication, and dereferencing an OID from ANSI cost USD 40 the last time
I
>looked. There is a distributed global database for OID's, but there is no
>common publication or distribution method even recommended.
>
>(snip)
Received on Friday, 20 April 2001 08:17:26 UTC