- From: Marcos Caceres <marcosc@opera.com>
- Date: Tue, 14 Apr 2009 15:19:23 +0200
- To: timeless@gmail.com, Henri Sivonen <hsivonen@iki.fi>
- Cc: Thomas Roessler <tlr@w3.org>, public-webapps <public-webapps@w3.org>
On Tue, Apr 14, 2009 at 2:56 PM, Marcos Caceres <marcosc@opera.com> wrote: > > > On 4/14/09 2:51 PM, timeless wrote: >> >> Marcos Caceres<marcosc@opera.com> wrote: >>> >>> Although I agree that it was probably a short-sightedness mistake on >>> our part to not have looked at JAR signing at the start of this >>> process, I think it is too late for you to ask us to dump over a year >>> worth of work on this spec - especially as we are about to go to Last >>> Call and have significant industry support (BONDI) for using XML >>> Signatures. >> >>> Although I also agree that there are issues with >>> canonicalization, I find it hard to believe that JAR signatures are >>> not without their own problems. I think it would be more productive to >>> help us address the issues that you mentioned, instead of asking us to >>> dump everything and start again. >> >> I'm willing to drop XML signing :) >> >> I guess I never really understood enough about why we went off on XML >> signing and didn't think to ask why we didn't look at JAR signing :( > > I guess it was "it was not done here (w3c)" syndrome. Having said that, XML Sig meets our Requirements [1]. Kind regards, Marcos [1] http://dev.w3.org/2006/waf/widgets-reqs/#security-and-digital-signatures -- Marcos Caceres http://datadriven.com.au
Received on Tuesday, 14 April 2009 13:20:19 UTC