RE: Significant W3C Confusion over Namespace Meaning and Policy from John Boyer on 2005-02-14 (www-tag@w3.org from February 2005)

From: John Boyer <JBoyer@PureEdge.com>
Date: Mon, 14 Feb 2005 10:24:33 -0800
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: <www-tag@w3.org>, "Bjoern Hoehrmann" <derhoermi@gmx.net>
Message-ID: <7874BFCCD289A645B5CE3935769F0B52EA752C@tigger.pureedge.com>

Well, hopefully you will take this not as an attack
but rather as a thorough debate of the issues.

You stopped reading the prior email at a critical moment,
just before getting to the most important question.
Why do you think your new RFC means that a URI may never 
be used for identification purposes, when your definition 
states that it may be used for this purpose and the 
namespace rec says that, when used with namespaces, it is 
used for that purpose?  

The URI spec talks about all URIs, whereas there use in 
namespaces is only one application.  Any implied IETF
process to update other technologies should not take
hold until it is shown that the debated aspect of the RFC 
actually has the meaning implied.  Moreover, is it part of 
process to irreparably break other IETF and W3C technologies?  
I don't understand how that is a process issue.
It sounds more like a technical oversight or misunderstanding.

>> Changes to the context do
>> not affect the serialization over which the hash is
>> ultimately computed, then the signature is repudiable.

>I cannot parse that sentence because it is missing a word.

Please prepend the word 'if'.  
You asked me to provide an example of failure. I provided
one which is quite understandable despite a missing word
in one sentence.  A user signs some bits under the assumption 
that those bits have a particular meaning in some application 
context. Users don't understand bits; they understand application
context. Changing the meaning of words in a namespace means 
that the signed bits are changing meaning without changing 
serialization.  So the signature validates, but the XML
does not result in the same processor behavior that it once did.

Just so I'm clear, is this the understanding you had of
my prior communications when you implied that I had yet
to produce a "useful" example?  If so, then I'm pretty sure
you're advocating that the IETF process of applying your RFC
should repeal or substantially qualify the use of the 
XML signatures recommendation.

John Boyer, Ph.D.
Senior Product Architect and Research Scientist
PureEdge Solutions Inc.


-----Original Message-----
From: Roy T. Fielding [mailto:fielding@gbiv.com]
Sent: Saturday, February 12, 2005 8:25 PM
To: John Boyer
Cc: www-tag@w3.org; Bjoern Hoehrmann
Subject: Re: Significant W3C Confusion over Namespace Meaning and Policy


oops, trigger failure -- that last message was unfinished and
about to be deleted out of disgust.  Feel free to ignore it and
actually provide some useful example of breakage, like I asked
the first time.  Don't attack the messenger just because you
can't answer the original question.

....Roy

Received on Monday, 14 February 2005 18:25:11 UTC