- From: Scott Cantor <cantor.2@osu.edu>
- Date: Tue, 27 Jul 2010 12:00:09 -0400
- To: <public-xmlsec@w3.org>
So, the question is whether 2.0 mode signatures (in either Reference, SignedInfo, or both) should lock down c14n to just the newly defined method, or leave it open. Currently we say nothing about SignedInfo, but Pratik indicated that sec 6.5 of the draft locks down Reference c14n to require the c14n 2.0 algorithm only. My proposal is that we do not restrict this in either Reference or SignedInfo, but leave it open, subject to the constraint that for Reference c14n, only algorithms defined for use with XML Signature 2.0 will work. That's simply a consequence of the input interface (the list of subtrees plus exclusions, etc.) My reason for this is future-proofing, basically. Of course, c14n 2.0 would be the only MTI algorithm. As an alternative, if we leave the language as is, and require c14n 2.0 for References, I believe we should make sure that the same is true for SignedInfo. There's no use case for having a different rule there. -- Scott
Received on Tuesday, 27 July 2010 16:00:40 UTC