Proposed revision to best practices comments provided by Brad from Frederick Hirsch on 2008-08-22 (public-xmlsec@w3.org from August 2008)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Fri, 22 Aug 2008 15:05:58 -0400
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Message-Id: <7A6F09C7-33E5-407B-AAD0-4356B7BDCCEB@nokia.com>

I suggest some editorial adjustments to the wording of the best  
practices comments provided by Brad Hill [1] as well as to some of  
the existing text around those comments. I agree with the intent of  
the comments however.

I attach a redline PDF showing the changes I suggest. I also suggest  
a reordering and rewording of the introduction. We should also update  
the Signature reference to Second Edition.

We may wish to add some specific best practice statements along with  
the added material,

in 2.1.4
Best Practice a: Implementations should avoid retrieving references  
that may have side effects

in 2.3
Best Practice b: Implementations should avoid retrieving referenced  
items multiple times since they may change, and should cache values  
where possible.


change best practice 3 to add "before performing risky operations
"Establish trust in the verification/validation key before performing  
risky operations."

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.w3.org/2008/xmlsec/Drafts/best-practices/comments- 
bhill.html

Attachments

text/html attachment: comments-fjh.htm
application/pdf attachment: comments-fjh.pdf

Received on Friday, 22 August 2008 19:07:57 UTC