- From: Priestley, Mark, VF-Group <Mark.Priestley@vodafone.com>
- Date: Thu, 23 Apr 2009 18:07:18 +0200
- To: "Frederick Hirsch" <Frederick.Hirsch@nokia.com>, "ext David Rogers" <david.rogers@omtp.org>
- Cc: <marcosc@opera.com>, "Web Applications Working Group WG" <public-webapps@w3.org>, "Babbage, Steve, VF-Group" <Steve.Babbage@vodafone.com>
Hi Frederick, All, Actually, Vodafone are staying silent on whether this should be a MUST for XML Signature 1.1 specification. However we are saying that we won't object, which I had previously indicated that we might on the WebApps call. Regards, Mark -----Original Message----- From: Frederick Hirsch [mailto:Frederick.Hirsch@nokia.com] Sent: 23 April 2009 13:20 To: ext David Rogers Cc: Frederick Hirsch; marcosc@opera.com; Priestley, Mark, VF-Group; Web Applications Working Group WG; Babbage, Steve, VF-Group Subject: Re: [widget-digsig] Pls review: Additional considerations on elliptic curve algorithms to consider I agree . Also to be clear Mark, I believe you are saying VF supports a MUST in the XML Signature 1.1 specification. regards, Frederick Frederick Hirsch Nokia On Apr 23, 2009, at 8:15 AM, ext David Rogers wrote: > Marcos, > > Surely the logic should support algorithm evolution in that way. If it > is a SHOULD it doesn't mean that engines need to support all > algorithms - that would be a SHALL? If we say nothing at all, you run > the risk of dropping off a security cliff if you need to migrate in > the future. A SHOULD at least prescribes an intended roadmap and gives > the option for implementers to go for that if they so choose. > > Thanks, > > David. > > -----Original Message----- > From: public-webapps-request@w3.org > [mailto:public-webapps-request@w3.org > ] On Behalf Of Marcos Caceres > Sent: 23 April 2009 08:53 > To: Priestley, Mark, VF-Group > Cc: Frederick Hirsch; Web Applications Working Group WG; Babbage, > Steve, VF-Group > Subject: Re: [widget-digsig] Pls review: Additional considerations on > elliptic curve algorithms to consider > > On Thu, Apr 23, 2009 at 9:31 AM, Priestley, Mark, VF-Group > <Mark.Priestley@vodafone.com> wrote: >> Hi Frederick, All, >> >> Vodafone supports the move to support ECDSA in XML Signature 1.1 [2] >> and welcomes the new clarifying text. Vodafone will not object to >> ECDSAwithSHA256 being specified as mandatory [2] however we would >> like to propose that it is a recommended algorithm in Widgets 1.0: >> Digital Signatures [5] (e.g. a SHOULD). > > Sorry, it doesn't make sense to have them as a "should" in this > context. Either they are in or out because in practice engines will > need to support all prescribed algorithms. Lets keep to the smallest > possible subset of most commonly used algorithms in 1.0; every > algorithm we add makes this specification more difficult/expensive to > implement, adds more points of failure, etc. If the market shifts to > new algorithms, then we can add those later in a new draft. > > Kind regards, > Marcos > -- > Marcos Caceres > http://datadriven.com.au >
Received on Thursday, 23 April 2009 16:09:18 UTC