Re: KeyInfo type URIs from merlin on 2001-04-10 (w3c-ietf-xmldsig@w3.org from April to June 2001)

From: merlin <merlin@baltimore.ie>
Date: Tue, 10 Apr 2001 10:59:37 +0100
To: w3c-ietf-xmldsig@w3.org
Message-Id: <20010410095937.DD62C43BDA@yog-sothoth.ie.baltimore.com>

Following up to, and changing, my opinion:

I'm not sure that the language used in 4.4[1] is
entirely correct:

"The following list summarizes the |KeyInfo| types
 defined by this specification. [...]"

Technically, the DSA and RSA types are |KeyValue| types,
not |KeyInfo| types. I would suggest that we move all
the text for RSA and DSA down to just above the text
for &dsig;rawX509Certificate and there state that the
RSA and DSA |KeyValue| structures may appear as the
target of a |RetrievalMethodType| identified by the
URIs:

  http://www.w3.org/2000/09/xmldsig#DSAKeyValue
  http://www.w3.org/2000/09/xmldsig#RSAKeyValue

Merlin

[1] http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-KeyInfo

r/merlin@baltimore.ie/2001.04.10/10:40:44
>
>Hi,
>
>We use the URI &dsig;dsa-sha1 to identify the DSA signature
>algorithm; similarly, &dsig;rsa-sha1 to identify RSA with
>SHA-1. I don't believe that we should use these same URIs
>to identify the actual public key encoding. The hash
>algorithm is unrelated to the key encoding. I would suggest
>that, for the purposes of RetrievalMethod, we use the URIs:
>
>  http://www.w3.org/2000/09/xmldsig#dsa
>  http://www.w3.org/2000/09/xmldsig#rsa
>
>In particular, bear in mind that additional documents will
>be produced that define rsa-md5, etc. at which point key
>encoding URIs will become confused if they are not clarified
>here.
>
>merlin
>
>
>-----------------------------------------------------------------------------
>Baltimore Technologies plc will not be liable for direct,  special,  indirect 
>or consequential  damages  arising  from  alteration of  the contents of this
>message by a third party or as a result of any virus being passed on.
>
>In addition, certain Marketing collateral may be added from time to time to
>promote Baltimore Technologies products, services, Global e-Security or
>appearance at trade shows and conferences.
>
>This footnote confirms that this email message has been swept by
>Baltimore MIMEsweeper for Content Security threats, including
>computer viruses.
>   http://www.baltimore.com
>
>

Received on Tuesday, 10 April 2001 06:00:21 UTC