- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 29 Jul 1999 11:24:32 -0400
- To: "tog" <todd.glassey@www.meridianus.com>
- Cc: "Richard Himes" <rhimes@nmcourt.fed.us>, "tog" <todd.glassey@www.meridianus.com>, <w3c-ietf-xmldsig@w3.org>
At 07:54 AM 7/29/99 -0700, tog wrote:
>To do this we need to address the timestamping, signature, and timebase
>services models so that the system, has a credible proofing system inherent
>with its design.
Agreed, to do that, yes. However, you still have to complete the core
signature syntax before you work on trust applications. Two design
principles are in operation here that I spoke of at the W3C workshop:
1. Muddying the water doesn't help you get to the bottom any faster.
2. Punting promotes design generality.
All of those things that you spoke of are difficult problems even if you
think they can be solved trivially by adding an attribute in the sig-block,
there are many many ways to do them incorrectly. [1]
[1] http://www.w3.org/Signature/Drafts/xml-dsig-design-resources-990723.html
_________________________________________________________
Joseph Reagle Jr.
Policy Analyst mailto:reagle@w3.org
XML-Signature Co-Chair http://w3.org/People/Reagle/
Received on Thursday, 29 July 1999 11:24:30 UTC