W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

RE: FW: Re: rsa/oaep

From: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>
Date: Wed, 10 Apr 2002 14:58:33 -0400
Message-ID: <05F679A54DF3D51188100008C791975607D3DB@ma07exm03.corp.isg.mot.com>
To: "'reagle@w3.org'" <reagle@w3.org>
Cc: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, xml-encryption@w3.org, merlin <merlin@baltimore.ie>
Option 1 seems better to me.

Donald

-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org]
Sent: Tuesday, April 09, 2002 9:31 AM
To: merlin
Cc: Eastlake III Donald-LDE008; xml-encryption@w3.org
Subject: Re: FW: Re: rsa/oaep


On Monday 08 April 2002 19:22, merlin wrote:
> Does it need a new namespace? It's just deprecating an old ambiguous
> algorithm URI and replacing it with a new, more explicit URI in the same
> namespace. We're not changing the schema.

I like the new algorithm-ID as well. (For my clarity, do you agree with the 
URI Donald proposed, with the "-p" on the end?) However, when we are in CR 
we have an obligation [a] not to cause existing implementations of that 
namespace to break with respect to application behaviour or invalidating 
existing syntax. You're right about the syntax, but we still have an 
obligation to return something if someone looks at the old URI. Either it 
should dereference to something saying it's deprecated, or continue to 
point to an older spec (and not the REC).

[a] http://www.w3.org/1999/10/nsuri


Consequently, I don't think we need to change the namespace of the whole 
spec. I think we have two decent solutions to choose from. (I prefer the 
first, so people know explicitly it is deprecated and it's less confusing.)

(1) In the spec we say the following is deprecated:
  http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
and replaced by
  http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1-sha1-p

(2) Or we drop the old one from the spec all-together and replace it with a 
new one (notice the year/month change).
  http://www.w3.org/2002/03/xmlenc#rsa-oaep-mgf1-sha1-p

I've repsented option 1 in:

http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/Overview.html#sec-RSA-O
AEP
new revision: 1.172
Received on Wednesday, 10 April 2002 14:58:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT