Re: Further XML-SIG errata?

On Thursday 07 April 2005 07:07, Tommy Lindberg wrote:
> Perhaps one thing that could be done would be to explicitly document
> all PGP packet types that can be used as content in a <PGPKeyPacket>
> element.  It may of course be more descriptive to have additional
> elements to carry the additional PGP packets, but I can't assess if
> that is meaningful with respect to processing.

Ok, I do think the ambiguity is a legitimate issue for errata consideration. 
However, I am not sure how to resolve it well. The first issues of the 2nd 
CR was "MgmtData and the children of X509, PGPData, and SPKIData should be 
shown to to be implemented and interoperate." [1] Merlin and Gregor 
exercised X509 but no one involved used PGPData and SPKIData. Their 
retention was justified as "PS: It also appears that PGPData and SPKIData 
can be treated as syntactic hooks and retained without the demonstration of 
specific interoperability." [2]

So I would conclude on that basis that (1) we shouldn't have left them in 
<smile/>, (2) or they are just hooks, use as you wish and any ambiguities 
need further specification elsewhere. Perhaps there would be no harm in 
adopting your suggestions, but absent a community of folks using it to 
inform the decision and test the interop its just a sort of weak part of 
the spec waiting for a real community to take it up. Since I'm not actively 
involved in XML Sec work presently, my inclination -- out of ignorance -- 
with respect to do the errata is to let that sleeping dog lie unless 
there's folks around who can ensure he gets a vigorous walk.

[1] http://www.w3.org/Signature/20000228-last-call-issues.html#CandidateREC
[2] 
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0223.html

BTW: you raised it here too, bad memory! :)
  http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2004OctDec/0006

Received on Thursday, 7 April 2005 13:49:23 UTC