- From: tog <todd.glassey@www.meridianus.com>
- Date: Fri, 30 Jul 1999 09:04:59 -0700
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: "Richard Himes" <rhimes@nmcourt.fed.us>, <w3c-ietf-xmldsig@w3.org>
Joseph, ----- Original Message ----- From: Joseph M. Reagle Jr. <reagle@w3.org> To: tog <todd.glassey@www.meridianus.com> > > Agreed, to do that, yes. However, you still have to complete the core > signature syntax before you work on trust applications. Two design > principles are in operation here that I spoke of at the W3C workshop: > > 1. Muddying the water doesn't help you get to the bottom any faster. Yes, but knowing the totality of the use models tells you how deep the water potentially is, and right now we don't know this. > 2. Punting promotes design generality. What do you mean by "Punting" > > All of those things that you spoke of are difficult problems even if you > think they can be solved trivially by adding an attribute in the sig-block, > there are many many ways to do them incorrectly. [1] And this is ecactly why in the PKI world the "use model" (Applicability Statements) are so powerful. becuase if we don't set the scope of the usefull envelope of our technologies, the implementors may (read as "will") try to do stuff that is inherently broke and we wind up looking like fools then for not telling them they couldn't do "XY and Z" without "A" too. Todd
Received on Friday, 30 July 1999 11:50:56 UTC