- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Wed, 21 Dec 2011 09:35:08 -0500
- To: XMLSec <public-xmlsec@w3.org>, Thomas Roessler <tlr@w3.org>, "Hirsch Frederick (Nokia-CIC/Boston)" <Frederick.Hirsch@nokia.com>, "public-webevents@w3.org" <public-webevents@w3.org>
- CC: ext Marcos Caceres <w3c@marcosc.com>, public-webapps@w3.org, Rigo Wenning <rigo@w3.org>
TLR, FH, XMLSecWG, On 12/21/11 6:03 AM, ext Marcos Caceres wrote: > Lets go back an look at the options we have to divorce Widgets/XML Dig Sig from Elliptic Curve: > > 1. Remove ECC from XML Dig Sig (in my opinion, "the right thing to do"™): > > pros: > - frees both XML Dig Sig and Widgets Dig Sig to progress to REC at full speed. > - begins a pattern of divorcing signature algorithms from processing (a good thing, which avoids this kind of mess!) > > cons: > - new small spec needed > - XML Dig Sig missing an important algorithm. Based on a quick scan of the XMLSec WG's mail archive [2], it appears that WG has known about potential IP issues related to Certicom/RIM and ECC for almost 3 years. As such, surely the WG has already discussed refactoring the XMLSig spec in a way like Marcos and I proposed. Would you please explain why the WG objects to such refactoring (or provide a link(s) to the related discussion)? As an FYI for the XMLSec WG members, note that another widget spec was blocked for two years because of a PAG [1] so it's quite understandable that having widgets-digsig blocked by YA PAG creates concerns for some WG members, especially given the ECC PAG Chair's "pessimistic" view [3] of a "quick" PAG resolution. -Thanks, AB [1] http://www.w3.org/2009/11/widgets-pag/pagreport.html [2] http://www.w3.org/Search/Mail/Public/search?keywords=&hdr-1-name=subject&hdr-1-query=certicom&index-grp=Public_FULL&index-type=t&type-index=public-xmlsec [3] http://lists.w3.org/Archives/Public/public-webapps/2011OctDec/1540.html
Received on Wednesday, 21 December 2011 14:36:02 UTC