W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: XML Signature is "evil" ;-))

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Fri, 07 Dec 2001 09:16:37 -0500
Message-Id: <200112071416.JAA0000033282@torque.pothole.com>
To: Svgdeveloper@aol.com
cc: w3c-ietf-xmldsig@w3.org

I agree about Schema. But on "Draft Standard", XML Digital Signature
is being developed by a joint IETF/W3C working group and going up both
standards ladders simultaneously. As well as its W3C status, it is an
IETF Proposed Standard (via RFC 3075) and would probably have already
been approved as a Draft Standard if it were not for some bureaucratic
delays. I expect it to be approved during the IETF meeting in Salt
Lake City next week.

I haven't read it all but the author of the cited article seem opposed
to standards having any flexibility so they can be extended, for
example, by Microsoft...  And they seem to think that the use of URIs
(actually they always say URLs...) to identify and label things like
algorithms implies dereferencing them and dependence of the site
specified in the URL. I don't agree.

Since there is a provision for feedback, I posted a negative comment
on the article including pointing out that I couldn't possibly be
biased by being a co-author of the XMLDSIG standard :-)


From:  Svgdeveloper@aol.com
Resent-Message-Id:  <200112070940.EAA23197@www19.w3.org>
Message-ID:  <134.5dffff7.2941e86a@aol.com>
Date:  Fri, 7 Dec 2001 04:39:54 EST
To:  w3c-ietf-xmldsig@w3.org

>In a message dated 07/12/01 09:26:40 GMT Standard Time, 
>geuer-pollmann@nue.et-inf.uni-siegen.de writes:
>> ever wanted to know why XML Signature is an evil technology authored by 
>> Microsoft to "rule the world of authorization"?
>> Sorry, just kidding, but anyhow, consider a look at this funny article:
>> http://www-106.ibm.com/developerworks/library/s-digsig.html
>Hm. :(
>When I see an article that refers to "Draft Standard" (capitalised) stage for 
>a W3C specification, I have to ask if the author understands W3C process.
>When I see an article which recommends, as the first resource to be read, XML 
>Schema Part I REC .... I have to doubt the author's sanity. :) ... If you 
>have ever tried to read XML Schema Part I REC you will probably know what I 
>mean. It certainly isn't an easy read even if you want to understand W3C XML 
>Schema. But as first thing to read about XML Signature ... <
>Andrew Watt
Received on Friday, 7 December 2001 09:19:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC