> With respect to the issue of excluding ancestor context from the > canonical > form of a signature[1], the WG should pursue option: > > 1. Specify the exclusive canonicalization as part of the > non-normative (nor > required to implement) dsig-more specification [2]. > 2.Specify the exclusive canonicalization as part of the normative > xmldsig-core as proposed in [3] (but with the URIs of [4]) as [REQUIRED, > RECOMMENDED, OPTIONAL]. (This option requires interoperable > implementation > of this feature before xmldsig advances.) I vote for option (1), mainly for the following reasons: - Arguments (3) and (5) raised by BAL in [1] - Option (2) only makes sense as a MUST from my point of view, and then the time delay resulting from this change will be close to BAL's "6-12 months". - I am not sure if the proposal from Don is mature enough, or if it can solve the namespace related problems sufficiently at all, to be included as part of XML-Signature, as the discussion in [2], [3] and [4] shows. --- [1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0305.html [2] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0304.html [3] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0306.html [4] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0309.html Liebe Gruesse/Regards, --------------------------------------------------------------- DI Gregor Karlinger mailto:gregor.karlinger@iaik.at http://www.iaik.at Phone +43 316 873 5541 Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------Received on Tuesday, 19 June 2001 05:54:53 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:13 GMT