RE: #rdfms-identity-anon-resources: provenance

Hi all,

I'm back from vacation, starting to catch up on the
backlog. Apologies if this issue has already been settled,
I did not see such in the minutes. (Speaking of which,
I don't see the minutes for July 27 in the archive.)


Brian said:

> I should have made clear that my hypothesis here is that it is 
> the 'model' that was signed, not the document.

There are not very many use cases for signing an internal
representation instead of the serialized form which is
actually transmitted. The main concerns people use signatures
to address are:
  1) Did this come from whom it purports to come from?
  2) Is this an unaltered version of what they sent?
Both of these are perfectly well-served by signing the
serialized form of a graph. Signing internal representations
ends up with a lot of problems around canonicalization
such as byte order issues, as well as a tendency to
restrict optimizations.

There are some other reasons not to take on the task
of signing the 'model', including:
 1) insufficient number of WG members who are security experts
 2) interference with the chartered XML signatures work (which
    is the group that does have the security experts)
 3) lack of demonstrated needs which can't be met by
    signing the serialized form of a model.
 4) lack of charter to take this on
 5) time and effort

Lazy slob that I am, I don't want to take on more work
than is needed.


Ron Daniel Jr.
Standards Architect
Tel: +1 415 778 3113
Fax: +1 415 778 3131
Email: rdaniel@interwoven.com 

Visit www.interwoven.com
Moving Business to the Web 

Received on Monday, 30 July 2001 19:18:47 UTC
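
An added illustration of the trade-off discussed in the message above (not part of the original e-mail or of any working-group code): signing the transmitted bytes answers both questions directly, while signing the "model" needs a canonical form that survives re-serialization, including the relabeling of anonymous nodes. HMAC from the Python standard library stands in for a digital signature here; the key, the N-Triples data and the sort-based canonicalization are all constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the sender's signing key

def sign(data: bytes) -> str:
    """MAC over the given bytes (a stand-in for a real digital signature)."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def verify(data: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign(data), tag)

def sorted_form(doc: bytes) -> bytes:
    """Naive 'model' canonicalization: drop blank lines and sort the statements."""
    lines = [l.strip() for l in doc.splitlines() if l.strip()]
    return b"\n".join(sorted(lines)) + b"\n"

# Constructed N-Triples: the serialized form the sender actually transmitted.
SENT = b"""_:a <http://example.org/name> "Brian" .
_:a <http://example.org/knows> _:b .
_:b <http://example.org/name> "Ron" .
"""

# Same graph re-serialized by another tool: only the statement order changed.
REORDERED = b"""_:b <http://example.org/name> "Ron" .
_:a <http://example.org/knows> _:b .
_:a <http://example.org/name> "Brian" .
"""

# Same graph again, with the anonymous nodes given different local labels.
RELABELED = b"""_:x <http://example.org/name> "Brian" .
_:x <http://example.org/knows> _:y .
_:y <http://example.org/name> "Ron" .
"""
TAMPERED = SENT.replace(b"Ron", b"Rob")  # an altered copy of the sent document

def check_all() -> dict:
    doc_tag = sign(SENT)                 # signature over the serialized form
    model_tag = sign(sorted_form(SENT))  # signature over the naive canonical form
    return {
        "doc_unaltered": verify(SENT, doc_tag),
        "doc_tampered": verify(TAMPERED, doc_tag),
        "doc_reordered": verify(REORDERED, doc_tag),
        "model_reordered": verify(sorted_form(REORDERED), model_tag),
        "model_relabeled": verify(sorted_form(RELABELED), model_tag),
    }

if __name__ == "__main__":
    print(check_all())
```

The document signature accepts the unaltered bytes and rejects the tampered copy, which covers both concerns listed in the message. The sort-based canonical form survives reordering but not the relabeling of anonymous nodes, which is the kind of canonicalization work that signing the model would require.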