Re: Range of Security : Nonce from Herbert Snorrason on 2014-04-12 (public-webpayments@w3.org from April 2014)

From: Herbert Snorrason <odin@anarchism.is>
Date: Sat, 12 Apr 2014 01:29:27 +0000
To: public-webpayments@w3.org
Message-ID: <534896F7.9000300@anarchism.is>

On 11/04/14 21:56, David I. Lehn wrote:
> It seems unclear what to use without causing implementations the pain
> of supporting every type.  I think the main restriction we have in the
> usage we've had so far is that we will need to ensure there is a spec
> on how every supported nonce type is encoded as a bitstream suitable
> for use in hashing and signing algorithms.  It seems like using
> xsd:string and using some sort of UTF-8 encoding would work for many
> use cases.  What is the use case for using a numeric type?

Mind if I ask what, exactly, prevents the use of xsd:hexBinary and
xsd:base64Binary? That removes the requirement to specify encoding
additionally; those types _are_ bitstrings. As you've pointed out,
xsd:string is defined in terms of characters, not bytes/octets. It also
disallows NUL (and some other characters less likely to be in play).

With greetings,
  Herbert Snorrason

Received on Monday, 14 April 2014 13:01:17 UTC