Changing Signature algorithm implementation requirements

XML Signature (1st and 2nd editions) have a list of mandatory and  
recommended algorithms in the implementation requirements section.

http://www.w3.org/TR/2008/PER-xmldsig-core-20080326/#sec-AlgID

I'd like us to discuss whether we should change this list going  
forward as follows (independent of other more significant changes for  
now):

1.  Signature:
Change DSAwithSHA1 (DSS) from Required to Recommended
Change RSAwithSHA1 from Recommended to Required

Given the change in RSAwithSHA1 licensing status, this change might
better reflect implementations.

2. Canonicalization:

Change Canonical XML 1.0 (omits comments) from Required to Deprecated
Change Canonical XML 1.0 (with comments) from Recommended to Deprecated

Given the issues with xml:id and xml:base, we may want to discourage  
use of Canonical XML 1.0 in the future.

regards, Frederick

Frederick Hirsch
Nokia

Received on Wednesday, 23 July 2008 16:48:29 UTC