- From: Tom Gindin <tgindin@us.ibm.com>
- Date: Fri, 20 Apr 2001 08:16:37 -0400
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: <w3c-ietf-xmldsig@w3.org>
The main advantage fixed URI's do have over OID's as algorithm descriptors from a developer's standpoint is, after all, that you can look at the URI and make a claim like "If there's online information on this algorithm, it or a link to it should be in this place". By comparison, chasing down the definition for a given OID may not be quick, automated, or cheap. If a URI is not dereferenceable, its usefulness is much closer to that an OID, except that it's somewhat larger. The domain name may give you a contact without manually going through intermediate assignment authorities, but that's all. Tom Gindin "Donald E. Eastlake 3rd" <dee3@torque.pothole.com> on 04/19/2001 10:52:07 PM To: Tom Gindin/Watson/IBM@IBMUS cc: <w3c-ietf-xmldsig@w3.org> Subject: Re: additional XMLDSIG URIs I didn't claim there weren't any tables of OIDs in the world. But it is fundamentally different from domain names whose intent in to be indexes into an on-line distributed data bases and where it is an error for the corresponding node not to be automatically locatable. Donald From: "Tom Gindin" <tgindin@us.ibm.com> Importance: Normal To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com> Cc: "Brian LaMacchia" <bal@microsoft.com>, <w3c-ietf-xmldsig@w3.org> Message-ID: <OF80F0095A.3C0205C4-ON85256A33.004CE750@somers.hqregion.ibm.com> Date: Thu, 19 Apr 2001 10:10:35 -0400 >"Donald E. Eastlake 3rd" <dee3@torque.pothole.com>@w3.org on 04/19/2001 >09:12:45 AM > >Sent by: w3c-ietf-xmldsig-request@w3.org > > >To: "Brian LaMacchia" <bal@microsoft.com> >cc: <w3c-ietf-xmldsig@w3.org>, <lde008@dms.isg.mot.com> >Subject: Re: additional XMLDSIG URIs >(snip) >My draft doesn't prohibit there being anything at the URL's. These >additional URIs are, at this instant, not part of the W3C standard or >otherwise in the orbit of the W3C. The XMDLSIG standard permits >algorithms defined by other orgnanizations, such as these, and does >not require them to be dereferencable. Do you want to change the >XMLDSIG standard to require dereferencability? > >But I still don't understand why you assume the suggested URIs would >not be dereferencable. In fact, I would think that the IETF would be >more stable and better able to keep material there than you typical >current dot.com. Furthermore, I can't understand why you say they >would be like OIDs. There is no global database or protocol system >associated with OIDs that I am aware of. Domain names and URIs are >inherently different in having a global database, which usually >contains physical address pointers, and a system of protocols >associated with them. > >[TG] The closest thing I know of to a global database currently existing >for OID's is Harald Alvestrand's volunteer effort at >http://www.alvestrand.no/objectid/. It is far from comprehensive, but >individuals who have assigned new OID's for their organizations may submit >the definitions there. ITU's X.660 standard does not mandate any form of >publication, and dereferencing an OID from ANSI cost USD 40 the last time I >looked. There is a distributed global database for OID's, but there is no >common publication or distribution method even recommended. > >(snip)
Received on Friday, 20 April 2001 08:17:26 UTC