- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Wed, 24 Jan 2001 14:35:31 +0100
- To: "Carl Wallace" <cwallace@erols.com>, "merlin" <merlin@baltimore.ie>, "Donald E. Eastlake 3rd" <lde008@dma.isg.mot.com>
- Cc: <w3c-ietf-xmldsig@w3.org>
Carl, > > Allowing option (2) is the same mechanism at one structural level > > lower, isn't it? If there is information within a X509Data element > > which I do not understand, I simply ignore it. If the information > > is critical, then (1) must be used to derive a new x509 data type > > in a different namespace. > > It is a similar mechanism one level lower, but isn't it cleaner for the > mechanism to exist at one level instead of two and in one data > type instead > of five? You are right, this is the cleaner solution, since there are less options to do similar things. But (2) allows it to augment types, and this types can still be used by applications only aware of the basic XML-Signature syntax. > Option two opens the possibility of encountering an X509Data > element, or potentially worse a KeyValue element, that contains only > material that you do not understand. As I already stated in my first response to the poll earlier this day [1], one should use option (2) only if there is enough information in the type that an application only aware of the basic syntax of XML-Signature can still process the - lets say - X509Data element. If the X509Data is augmented in a way that there is no common structure with the ur type any more, one should not use (2) but define a new type using option (1). --- [1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JanMar/0040.html Regards, Gregor --------------------------------------------------------------- DI Gregor Karlinger mailto:gregor.karlinger@iaik.at http://www.iaik.at Phone +43 316 873 5541 Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------
Received on Wednesday, 24 January 2001 08:31:53 UTC