Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?

TLR, FH, XMLSecWG,

On 12/21/11 6:03 AM, ext Marcos Caceres wrote:
>   Lets go back an look at the options we have  to divorce Widgets/XML Dig Sig from Elliptic Curve:
>
>    1. Remove ECC from XML Dig Sig (in my opinion, "the right thing to do"™):
>
>    pros:
>       - frees both XML Dig Sig and Widgets Dig Sig to progress to REC at full speed.
>       - begins a pattern of divorcing signature algorithms from processing (a good thing, which avoids this kind of mess!)
>
>    cons:
>       - new small spec needed
>       - XML Dig Sig missing an important algorithm.

Based on a quick scan of the XMLSec WG's mail archive [2], it appears 
that WG has known about potential IP issues related to Certicom/RIM and 
ECC for almost 3 years. As such, surely the WG has already discussed 
refactoring the XMLSig spec in a way like Marcos and I proposed.

Would you please explain why the WG objects to such refactoring (or 
provide a link(s) to the related discussion)?

As an FYI for the XMLSec WG members, note that another widget spec was 
blocked for two years because of a PAG [1] so it's quite understandable 
that having widgets-digsig blocked by YA PAG creates concerns for some 
WG members, especially given the ECC PAG Chair's "pessimistic" view [3] 
of a "quick" PAG resolution.

-Thanks, AB

[1] http://www.w3.org/2009/11/widgets-pag/pagreport.html
[2] 
http://www.w3.org/Search/Mail/Public/search?keywords=&hdr-1-name=subject&hdr-1-query=certicom&index-grp=Public_FULL&index-type=t&type-index=public-xmlsec
[3] http://lists.w3.org/Archives/Public/public-webapps/2011OctDec/1540.html

Received on Wednesday, 21 December 2011 14:36:06 UTC