- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Fri, 17 Feb 2012 20:50:44 +0100
- To: Ron Garret <ron@flownet.com>
- CC: public-identity@w3.org
On 2012-02-17 20:35, Ron Garret wrote: > > On Feb 17, 2012, at 11:15 AM, Anders Rundgren wrote: > >> On 2012-02-17 20:00, Ron Garret wrote: >>> >> <snip> >>> It is possible that the solution to all our problems is simply to document signText. >> >> I just mentioned that there are a bunch of "standards" out there already. > > And what does the existence of "a bunch of standards" have to do with what is wrong with signText? > >> If I were to create a standard I would begin with researching these to see >> if there is something worth stealing :-) > > So, did you? Is there? It's called gap analysis and is a given task for a *proposer*. > >> https://github.com/daviddahl/domcrypt/blob/master/demos/demo.js#L47 > > All I see is a bunch of uncommented Javascript code. How that is intended to address the issue that signText is undocumented I do not understand. I might be able to back out an API by reverse-engineering this code, but that would be missing the point rather badly. > >> I don't know how window.mozCipher.pk.sign works but signText(v1996) uses X.509 >> certificates which I believe what is generally requested. > > Personally, I think X.509 is part of the problem, not the solution. But that is a different issue altogether. > > rg > > >
Received on Friday, 17 February 2012 19:51:29 UTC