Namespaces (Was: Re: Canonicalization)

In response to [1]; cc'd to chairs since I think it is a common issue to all
W3C WGs.

[1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/1999OctDec/0132.html

At 21:32 99/10/21 -0400, Donald E. Eastlake 3rd wrote:
 >Seems like a good argument for a shorter namespace URI, like
 >"http://w3.org/sig-v1".  
>>At Thu, 21 Oct 1999 16:06:57 -0700 , Jim Schaad wrote:
>>In this example, the first 62% of the document (roughly 840 characters) is
>>the same for all signed messages. (This assumes that the same
>>canonicalization and signature algorithm are routinely used.)  This means

I would certainly like smaller namespaces, but (unfortunately) the namespace
I provided is in compliance with the editorial/namespace allocation policies
of the W3C -- though I'm not sure where they are formally documented, but
TimBL stated www.w3.org is the host name of the W3C, so not much to do
there. I don't think W3C would allocate a top level directory for a
namespace and the W3C tends to lean towards dated spaces...

1. For xml-namespace purposes I don't see this as too much of a readability
problem since you can declare it once and use a prefix.
2. For xml-namespaces when expaned in c14n form and hashed, we have a unique
problem that we are going to have _lots_ of redundancy that can lead to
weaker signatures. I hope we create a nonce element that one can stick at
the beginning of the signature.
3. For readable property types I do see this as a big problem, stuff like:
        http://www.w3.org/1999/10/signature-core/manifest 
is pretty ugly. It'd be nice if there were a "entity" or "macro" (similar to
prefix) that one could use to map namespaces to something more terse.


_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/

Received on Friday, 22 October 1999 10:42:57 UTC