Re: additional XMLDSIG URIs

     The main advantage fixed URI's do have over OID's as algorithm
descriptors from a developer's standpoint is, after all, that you can look
at the URI and make a claim like "If there's online information on this
algorithm, it or a link to it should be in this place".  By comparison,
chasing down the definition for a given OID may not be quick, automated, or
cheap.
     If a URI is not dereferenceable, its usefulness is much closer to that
an OID, except that it's somewhat larger.  The domain name may give you a
contact without manually going through intermediate assignment authorities,
but that's all.

          Tom Gindin


"Donald E. Eastlake 3rd" <dee3@torque.pothole.com> on 04/19/2001 10:52:07
PM

To:   Tom Gindin/Watson/IBM@IBMUS
cc:   <w3c-ietf-xmldsig@w3.org>
Subject:  Re: additional XMLDSIG URIs




I didn't claim there weren't any tables of OIDs in the world.  But it
is fundamentally different from domain names whose intent in to be
indexes into an on-line distributed data bases and where it is an
error for the corresponding node not to be automatically locatable.

Donald

From:  "Tom Gindin" <tgindin@us.ibm.com>
Importance:  Normal
To:  "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc:  "Brian LaMacchia" <bal@microsoft.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID:
<OF80F0095A.3C0205C4-ON85256A33.004CE750@somers.hqregion.ibm.com>
Date:  Thu, 19 Apr 2001 10:10:35 -0400

>"Donald E. Eastlake 3rd" <dee3@torque.pothole.com>@w3.org on 04/19/2001
>09:12:45 AM
>
>Sent by:  w3c-ietf-xmldsig-request@w3.org
>
>
>To:   "Brian LaMacchia" <bal@microsoft.com>
>cc:   <w3c-ietf-xmldsig@w3.org>, <lde008@dms.isg.mot.com>
>Subject:  Re: additional XMLDSIG URIs
>(snip)
>My draft doesn't prohibit there being anything at the URL's. These
>additional URIs are, at this instant, not part of the W3C standard or
>otherwise in the orbit of the W3C.  The XMDLSIG standard permits
>algorithms defined by other orgnanizations, such as these, and does
>not require them to be dereferencable.  Do you want to change the
>XMLDSIG standard to require dereferencability?
>
>But I still don't understand why you assume the suggested URIs would
>not be dereferencable.  In fact, I would think that the IETF would be
>more stable and better able to keep material there than you typical
>current dot.com.  Furthermore, I can't understand why you say they
>would be like OIDs.  There is no global database or protocol system
>associated with OIDs that I am aware of.  Domain names and URIs are
>inherently different in having a global database, which usually
>contains physical address pointers, and a system of protocols
>associated with them.
>
>[TG] The closest thing I know of to a global database currently existing
>for OID's is Harald Alvestrand's volunteer effort at
>http://www.alvestrand.no/objectid/.  It is far from comprehensive, but
>individuals who have assigned new OID's for their organizations may submit
>the definitions there.  ITU's X.660 standard does not mandate any form of
>publication, and dereferencing an OID from ANSI cost USD 40 the last time
I
>looked.  There is a distributed global database for OID's, but there is no
>common publication or distribution method even recommended.
>
>(snip)

Received on Friday, 20 April 2001 08:17:26 UTC