Closing (again) Issue on 6.1 SignatureMethod

After further conversation regarding section 6.1, I think the following is
the best representation of the WG intent (basically, the document is

1. The document will continue to state, "This specification defines a set of
algorithms, their URIs, and requirements for implementation. Requirements
are specified over implementation, not over requirements for signature use."
We'll continue to rely upon the text in 8.4 [1] to warn Signature users of
the potential hazards of other algorithms, "Even more care may be warranted
with application defined algorithms."
2. There's no proposal nor agreement to change the definitions or dataytpes
of SignatureValue, SignatureProperty, or KeyInfo.
3. To answer the thread on hash algorithms as signature algorithms, the
natural language definition of Signature requires a key to be associated
with the content, consequently a simple hash SignatureMethod is an incorrect
reading of the specification. Enforcement of this requirement falls to the
users of the Signature applications (like all the issues in section 8 [2]).


Joseph Reagle Jr.   
W3C Policy Analyst      
IETF/W3C XML-Signature Co-Chair

Received on Tuesday, 20 June 2000 15:23:56 UTC