Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?


On 12/21/11 6:03 AM, ext Marcos Caceres wrote:
>   Lets go back an look at the options we have  to divorce Widgets/XML Dig Sig from Elliptic Curve:
>    1. Remove ECC from XML Dig Sig (in my opinion, "the right thing to do"):
>    pros:
>       - frees both XML Dig Sig and Widgets Dig Sig to progress to REC at full speed.
>       - begins a pattern of divorcing signature algorithms from processing (a good thing, which avoids this kind of mess!)
>    cons:
>       - new small spec needed
>       - XML Dig Sig missing an important algorithm.

Based on a quick scan of the XMLSec WG's mail archive [2], it appears 
that WG has known about potential IP issues related to Certicom/RIM and 
ECC for almost 3 years. As such, surely the WG has already discussed 
refactoring the XMLSig spec in a way like Marcos and I proposed.

Would you please explain why the WG objects to such refactoring (or 
provide a link(s) to the related discussion)?

As an FYI for the XMLSec WG members, note that another widget spec was 
blocked for two years because of a PAG [1] so it's quite understandable 
that having widgets-digsig blocked by YA PAG creates concerns for some 
WG members, especially given the ECC PAG Chair's "pessimistic" view [3] 
of a "quick" PAG resolution.

-Thanks, AB


Received on Wednesday, 21 December 2011 14:36:06 UTC