RE: Poll on Exclusive Canonicalization from Joseph M. Reagle Jr. on 2001-06-19 (w3c-ietf-xmldsig@w3.org from April to June 2001)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 19 Jun 2001 15:34:29 -0400
To: "Donald Eastlake" <dee3@torque.pothole.com>, <lde008@dma.isg.mot.com>
Cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Message-Id: <4.3.2.7.2.20010619151158.030073c0@localhost>

[Speaking with my own hat on, but trying to be diplomatic none-the-less! 
<grin/>]

I'm still hoping to hear from a few more implementors on the list ASAP, but 
a few things form the discussion so far have tweaked my options in the 
following way:

1. Not a clear consensus so far. In fact, since regardless of how we want to 
get interop on this (in dsig, in dsig-more, as a separate spec/namespace), 
we haven't yet had any of those folks in the interop matrix indicate this is 
their preference with an offer to implement a solution soon.

>Boyer: option 2 with many caveats
>    http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0304.html
>Geuer-Pollmann: I vote for option 2 - Recommended.
>    http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0299.html
>Mark Bartel: option 2 and REQUIRED.
>    http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0303.html
>Brian LaMacchia: option 1
>    http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0310.html
>Gregor Karlinger: option 1
>    http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0311.html

2. Given John's points, and some of my own concerns, I don't think it's as 
trivial issue as I had first hoped, and a solution will take some work. I'm 
no longer as comfortable with adding a few paragraphs in dsig, getting two 
interops and moving forward. I'm beginning to think it merits its own spec 
(though it can still be a couple pages and rely upon Canonical XML), a last 
call (to get the attention of the XML community) and intensive interop.

3. I agree with Brian, including it in dsig but making it anything other 
than MUST seems besides the point. I don't deny this algorithm is a very 
useful thing. But I don't see how a SHOULD in dsig (or even a MUST) does 
anything more *than the actual need* for it will do. XMLDSIG and Canonical 
XML are solid and work for scenarios outside of this one quite well. If 
folks need exclusive c14n, they'll keep on us to do a good job and get it 
out ASAP and they'll use it if they need it.

So, my diplomatic skills seem in question when the result favors my own 
partisan position <smile/>, but I'm not sure what other options we have?



--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Tuesday, 19 June 2001 15:35:03 UTC