- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Wed, 23 Jul 2008 13:02:51 -0400
- To: Frederick Hirsch <frederick.hirsch@nokia.com>
- Cc: public-xmlsec@w3.org
I'm concerned about relaxing algorithm requirements as this can affect compatibility. This means existing signatures using DSA or C14N 1.0 may not be capable of being validated with newer implementations that don't have to support these algorithms. I think once an algorithm is required, we should support that going forward unless there is a very good reason not to. --Sean Frederick Hirsch wrote: > > XML Signature (1st and 2nd editions) have a list of mandatory and > recommended algorithms in the implementation requirements section. > > http://www.w3.org/TR/2008/PER-xmldsig-core-20080326/#sec-AlgID > > I'd like us to discuss whether we should change this list going forward > as follows (independent of other more significant changes for now): > > 1. Signature: > Change DSAwithSHA1 (DSS) from Required to Recommended > Change RSAwithSHA1 from Recommended to Required > > Given the change in RSAwithSHA1 licensing status this change might > better reflect implementations. > > 2. Canonicalization: > > Change Canonical XML 1.0(omits comments) from Required to Deprecated > Change Canonical XML 1.0 with comments) from Recommended to Deprecated > > Given the issues with xml:id and xml:base, we may want to discourage use > of Canonical XML 1.0 in the future. > > regards, Frederick > > Frederick Hirsch > Nokia > > > >
Received on Wednesday, 23 July 2008 17:03:44 UTC