W3C home > Mailing lists > Public > xml-dist-app@w3.org > January 2003

Re: [xml-dist-app] <none>

From: Rich Salz <rsalz@datapower.com>
Date: Thu, 2 Jan 2003 20:20:26 -0500 (EST)
To: David Orchard <dorchard@bea.com>
cc: "xml-dist-app@w3.org" <xml-dist-app@w3.org>, "www-ws-arch@w3.org" <www-ws-arch@w3.org>
Message-ID: <Pine.LNX.4.44L0.0301021956330.17437-100000@smtp.datapower.com>

I would strongly encourage you to get at least one cryptographer
actively involved in the discussion before this goes much further.
As a "short list" of contributors, I would recommend one of the
authors (or original submittors) from the XMLDSIG or XENC documents.

On a more personal note, I am concerned about the "how can we make
DSIG and XENC work with the infoset" tone.  It's understandable, given
the authors, but I want to emphasize that cryptography (at least as
sed in the DSIG and XENC specs) depends on an octet stream -- i.e.,
a serialization -- and anything other than that is a complete non-
starter.

For completeness (and perhaps also to label myself Cassandra :),
it should be mentioned that this issue was raised back [1] back in
June, 2001, when the decision to "go Infoset" was first made, and in
[2] February, 2002, I proposed a canonicalization solution.  I lost
the battle for #1 and #2 was fairly quickly ruled out of scope.

        /r$

[1] http://lists.w3.org/Archives/Public/xml-dist-app/2001Jun/0208.html
[2] http://lists.w3.org/Archives/Public/xml-dist-app/2002Feb/0266.html
Received on Thursday, 2 January 2003 20:20:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:13 GMT