- From: Eugene Kuznetsov <eugene@datapower.com>
- Date: Sun, 19 Oct 2003 18:14:54 -0400
- To: "'Don Park'" <donpark@docuverse.com>, <w3c-ietf-xmldsig@w3.org>
> IMHO, these issues are of little importance to Visa, issuers, > and merchants because there are not enough incentives for them > to correct these problems at this time. Why in the world would > a merchant want to pull down their system for even ten minutes > so XML experts can sleep at night? Why did they use XML to begin with? Don, scratch Rich's suggestion -- why don't you just tell them to base64-encode SET, wrap it in some angle-brackets, and carry on as before. ;-) What the hell is the point of using XML specs if you don't intend it to interoperate? As someone who already has hardware that does XML crypto, I'm unimpressed that special breaking of the standard is required for either hardware support or security. > They just need to remove mention of XML DSig from their papers and > everyone would be happy :) Aleksey, actually, that's a good suggestion -- maybe the W3C would like to take this up? To the original questioner, this whole thread should provide much-needed confirmation that XML DSIG is so mature, that a whole bunch of people are already cranky about some implementations not being properly compliant, and others have had time to develop a bad attitude. That's a mark of a mature standard! \\ Eugene Kuznetsov, Chairman & CTO \\ eugene@datapower.com \\ DataPower Technology, Inc. \\ http://www.datapower.com - XS40 XML Security Gateway
Received on Sunday, 19 October 2003 18:22:45 UTC