- From: Roland Lockhart <roland.lockhart@entrust.com>
- Date: Thu, 8 Jul 2004 15:00:38 -0400
- To: "'jose.kahan@w3.org'" <jose.kahan@w3.org>, www-xkms@w3.org

Hi Jose,

This would break the existing Entrust implementation if and only if the XKMS schema namespace changed as a result. Our implementation does not directly use RSAKeyValue or RSAKeyPair.

- Roland

> -----Original Message-----
> From: www-xkms-request@w3.org
> [mailto:www-xkms-request@w3.org] On Behalf Of Jose Kahan
> Sent: July 8, 2004 2:48 PM
> To: www-xkms@w3.org
> Subject: Re: RSAKeyPair/RSAKeyValue issue
>
> Hi,
>
> Per my action item, I consulted with my colleagues how to
> make the schema change. As I suspected it requires more
> verification from our side. More precisely, quoting Dan
> Connolly's message:
>
> ---
> The answer depends on real-world data about which design
> is more widely deployed and what it costs (outside the WG
> as well as inside) to change it.
> ---
>
> We need to estimate what has been implemented and
> what are the consequences of making this change, will it
> change existing implementations and how much, how easy it
> will be for other people to adopt the change.
>
> If we can't give this estimation, we have to make this change
> in a way that's fair to existing implementations. If it's too
> expensive, we may opt to keep xkms:RSAKeyValue then.
>
> You'll find here below a summary of the issues.
>
> Please send your feedback as to whether this change will break
> your implementation
>
> -- What is the proposed change (from Tommy's mail)
>
> The spec refers to xkms:RSAKeyPair to communicate the public
> and private parts of an RSA key (section 6.4), but the schema and
> the examples use xkms:RSAKeyValue. Tommy and Stephen propose
> to make the change to xkms:RSAKeyPair as it makes more sense
> and this removes any possible confusion with ds:RSAKeyValue.
>
> -- What do actual implementations do now?
>
> I don't know if current implementations are using RSAKeyValue
> or RSAKeyPair. Have people used the schema or the spec itself
> when defining their service?
>
> I am not sure if this element is only used when doing an X-KRSS
> recover operation or if it can be used elsewhere. Maybe when
> generating or registering a key.
>
> -- How will this change existing test cases?
>
> -- What will we do if some people say yes and some say no to
> this change?
>
> -- Do the resulting implementations interoperate?
>
> --- What are the failure modes? clearly reported errors
> or subtle security bugs?
>
> -- Who's likely to say yes? Who's likely to say no?
>
> -jose

Received on Thursday, 8 July 2004 15:16:10 UTC