- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Fri, 26 Sep 2008 08:58:30 -0400
- To: public-xmlsec@w3.org
- Cc: public-webapps <public-webapps@w3.org>
Frederick, All, As you may know, the Web Applications WG [WebApps] is working on a Digital Signature specification for "Widgets" (see [Widgets] for a definition of Widget in this context). The FPWD of our Digital Signature spec is at [DigSig-TR] and the latest Editor's Draft is available at [DigSig-ED]. Anyhow, during our August f2f meeting, we discussed what we call Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets digital signatures?" [Issue-22]. At then end of this discussion [Issue-22-Discuss] I agreed to the following action: [[ Ask the XML Sec WG "what algorithm do you recommend we use and what identifier should we use for it? ]] Our questions are: 1. What (if any) issues do you foresee if we require support for SHA-256 (rather than SHA-1)? 2. What algorithm should we use? 3. What identifier should we use for the algorithm? -Regards, Art Barstow Co-Chair of the WebApps WG [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam- minutes.html#item07>
Received on Friday, 26 September 2008 13:03:13 UTC