W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2011

[whatwg] Signed XHTML

From: Mikko Rantalainen <mikko.rantalainen@peda.net>
Date: Mon, 31 Oct 2011 12:53:18 +0200
Message-ID: <4EAE7E1E.4080401@peda.net>
2011-10-27 14:29 EEST: Henri Sivonen:
> On Thu, Oct 20, 2011 at 9:57 PM, Martin Bo?let
> <martin.bosslet at googlemail.com> wrote:
>> Are there plans in this direction? Would functionality like this have a
>> chance to be considered for the standard?
> 
> The chances are extremely slim.
> 
> XML signatures depend on XML canonicalization which is notoriously
> difficult to implement correctly and suffers from interop problems
> because unmatched sets of bugs in the canonicalization phase make
> signature verification fail. I think browser vendors would be
> reasonable if they resisted making XML signatures of canonicalization
> part of the platform.
> 
> Moreover, most of the Web is HTML, so enthusiasm for XHTML-only
> features is likely very low these days.

I agree. If a method for signature would be introduced, it should be on
HTTP-level instead. For example, the server (or client) could pass an
extra header (e.g. Content-Signature) where value would be the signature
of the content with some extra info about the key&algorithm used for
signature.

-- 
Mikko
Received on Monday, 31 October 2011 03:53:18 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:37 UTC