- From: <Frederick.Hirsch@nokia.com>
- Date: Thu, 29 Dec 2011 14:11:05 +0000
- To: <Art.Barstow@nokia.com>
- CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>, <tlr@w3.org>, <public-webevents@w3.org>, <w3c@marcosc.com>, <public-webapps@w3.org>, <rigo@w3.org>
As I said before, this action is premature and we should let the PAG conclude (or at least wait for a status report) - the W3C Team may have more to say, but if this is on the order of weeks I do not think making work here to have apparent progress is useful. I have not seen a definitive statement from the ECC PAG chair. Did you read the message from Brian LaMacchia? If not, please read it, as it provides additional argument against this proposed change. I am against revising XML Signature 1.1 until I understand the actual PAG status and until we have XML Security WG agreement. This endless email debate is not helpful and I'm not sure I understand the urgency related to widgets apart from a desire to mark it as complete. regards, Frederick Frederick Hirsch Nokia On Dec 21, 2011, at 9:35 AM, Arthur Barstow wrote: > TLR, FH, XMLSecWG, > > On 12/21/11 6:03 AM, ext Marcos Caceres wrote: >> Lets go back an look at the options we have to divorce Widgets/XML Dig Sig from Elliptic Curve: >> >> 1. Remove ECC from XML Dig Sig (in my opinion, "the right thing to do"™): >> >> pros: >> - frees both XML Dig Sig and Widgets Dig Sig to progress to REC at full speed. >> - begins a pattern of divorcing signature algorithms from processing (a good thing, which avoids this kind of mess!) >> >> cons: >> - new small spec needed >> - XML Dig Sig missing an important algorithm. > > Based on a quick scan of the XMLSec WG's mail archive [2], it appears that WG has known about potential IP issues related to Certicom/RIM and ECC for almost 3 years. As such, surely the WG has already discussed refactoring the XMLSig spec in a way like Marcos and I proposed. > > Would you please explain why the WG objects to such refactoring (or provide a link(s) to the related discussion)? > > As an FYI for the XMLSec WG members, note that another widget spec was blocked for two years because of a PAG [1] so it's quite understandable that having widgets-digsig blocked by YA PAG creates concerns for some WG members, especially given the ECC PAG Chair's "pessimistic" view [3] of a "quick" PAG resolution. > > -Thanks, AB > > [1] http://www.w3.org/2009/11/widgets-pag/pagreport.html > [2] http://www.w3.org/Search/Mail/Public/search?keywords=&hdr-1-name=subject&hdr-1-query=certicom&index-grp=Public_FULL&index-type=t&type-index=public-xmlsec > [3] http://lists.w3.org/Archives/Public/public-webapps/2011OctDec/1540.html > >
Received on Thursday, 29 December 2011 14:11:48 UTC