Seeking feedback regarding Widgets Digital Signatures spec

Frederick, All,

As you may know, the Web Applications WG [WebApps] is working on a  
Digital Signature specification for "Widgets" (see [Widgets] for a  
definition of Widget in this context).

The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
latest Editor's Draft is available at [DigSig-ED].

Anyhow, during our August f2f meeting, we discussed what we call  
Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets  
digital signatures?" [Issue-22]. At then end of this discussion  
[Issue-22-Discuss] I agreed to the following action:

[[
Ask the XML Sec WG "what algorithm do you recommend we use and what  
identifier should we use for it?
]]

Our questions are:

1. What (if any) issues do you foresee if we require support for  
SHA-256 (rather than SHA-1)?

2. What algorithm should we use?

3. What identifier should we use for the algorithm?

-Regards, Art Barstow
Co-Chair of the WebApps WG

[WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
[Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
[DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
[DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
[Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
[Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam- 
minutes.html#item07>

Received on Friday, 26 September 2008 13:03:11 UTC