- From: Richard D. Brown <rdbrown@Globeset.com>
- Date: Mon, 27 Sep 1999 14:26:51 -0500
- To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>
- Cc: "'IETF/W3C XML-DSig WG'" <w3c-ietf-xmldsig@w3.org>
Joseph, Please find RD comments below. TYPOS: ====== page 1: "...,we have introduced changes that hopefully states..." instead: "...,we have introduced changes that hopefully state..." #2.1: "The specification must describe how to a sign..." instead: "The specification must describe how to sign a..." #2.2: "...Web resources are defined as any digital content content that..." instead: "...Web resources are defined as any digital content that..." OTHERS: ======= #2.3: Why sublist 2.3.1-2.3.2? #2.3: "...via a strong one-way transformation." note: A signature or authentication algorithm is not necessarily a one-way function. It is a cryptographic algorithm whose strength primarily resides in the secrecy of a key. #2.2.2: The formal description is quite confusing. among other things, R is defined as a resource and then used for a request. Also, what is the K parameter listed at the end of the definition. #2.6: "Applications are expected to normalize application specific semantics prior to handing data to a XML-signature application." note: Why? It shall be sufficient to specify the canonicalizer to be used by the signature engine... #2.6/2.7: You refer to XML-signature application. Is that correct? Don't you think that we are referring to any XML application that makes use of the XML Signature Specification? #3.2.2: see current discussion on the list... Richard D.
Received on Monday, 27 September 1999 15:28:15 UTC