- From: timeless <timeless@gmail.com>
- Date: Tue, 14 Apr 2009 15:51:41 +0300
- To: marcosc@opera.com
- Cc: Henri Sivonen <hsivonen@iki.fi>, Thomas Roessler <tlr@w3.org>, public-webapps <public-webapps@w3.org>
Marcos Caceres <marcosc@opera.com> wrote: > Although I agree that it was probably a short-sightedness mistake on > our part to not have looked at JAR signing at the start of this > process, I think it is too late for you to ask us to dump over a year > worth of work on this spec - especially as we are about to go to Last > Call and have significant industry support (BONDI) for using XML > Signatures. > Although I also agree that there are issues with > canonicalization, I find it hard to believe that JAR signatures are > not without their own problems. I think it would be more productive to > help us address the issues that you mentioned, instead of asking us to > dump everything and start again. I'm willing to drop XML signing :) I guess I never really understood enough about why we went off on XML signing and didn't think to ask why we didn't look at JAR signing :(
Received on Tuesday, 14 April 2009 12:52:16 UTC