W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2002

XML Signature Recommendations Reference to FIPS 186-2 Now Broken

From: Joseph Reagle <reagle@w3.org>
Date: Mon, 21 Oct 2002 14:22:35 -0400
To: XML Signature <w3c-ietf-xmldsig@w3.org>
Cc: chairs@w3.org, FIPS186@nist.gov
Message-Id: <200210211422.35124.reagle@w3.org>


Someone recently pointed out to me that the W3C XML Signature Recommendation 
contains the following references, which contains a location that no longer 
works:

DSS
  FIPS PUB 186-2 . Digital Signature Standard (DSS). U.S. Department
  of Commerce/National Institute of Standards and Technology.
  http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf

It appears that in October 2001 FIPS186-2 was updated with an appendix that 
contains some constraints and recommendations with respect to security 
concerns:
  http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf

However, the XML Signature Recommendation was published in February of 2002. 
I know the original link worked at that time. I don't know when the 
original specification was removed, what NIST's 
obsoletion/deprecation/revision policy is, nor what the removal means 
except that we now have a bad reference.

What do people think? Should we:
1. Ask NIST to maintain the URI, but update it saying that that version is 
obsoleted by a new revision?
2. Let it be?
3.. Add an erratum to our own specification?

-- 
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Monday, 21 October 2002 14:23:07 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT