W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: FW: Re: rsa/oaep

From: Joseph Reagle <reagle@w3.org>
Date: Tue, 9 Apr 2002 09:30:43 -0400
Message-Id: <200204091330.JAA05767@tux.w3.org>
To: merlin <merlin@baltimore.ie>
Cc: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, xml-encryption@w3.org
On Monday 08 April 2002 19:22, merlin wrote:
> Does it need a new namespace? It's just deprecating an old ambiguous
> algorithm URI and replacing it with a new, more explicit URI in the same
> namespace. We're not changing the schema.

I like the new algorithm-ID as well. (For my clarity, do you agree with the 
URI Donald proposed, with the "-p" on the end?) However, when we are in CR 
we have an obligation [a] not to cause existing implementations of that 
namespace to break with respect to application behaviour or invalidating 
existing syntax. You're right about the syntax, but we still have an 
obligation to return something if someone looks at the old URI. Either it 
should dereference to something saying it's deprecated, or continue to 
point to an older spec (and not the REC).

[a] http://www.w3.org/1999/10/nsuri


Consequently, I don't think we need to change the namespace of the whole 
spec. I think we have two decent solutions to choose from. (I prefer the 
first, so people know explicitly it is deprecated and it's less confusing.)

(1) In the spec we say the following is deprecated:
  http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
and replaced by
  http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1-sha1-p

(2) Or we drop the old one from the spec all-together and replace it with a 
new one (notice the year/month change).
  http://www.w3.org/2002/03/xmlenc#rsa-oaep-mgf1-sha1-p

I've repsented option 1 in:

http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/Overview.html#sec-RSA-OAEP
new revision: 1.172
Received on Tuesday, 9 April 2002 09:30:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT