- From: Brian McBride <bwm@hplb.hpl.hp.com>
- Date: Tue, 31 Jul 2001 00:43:41 +0100
- To: Ron Daniel <rdaniel@interwoven.com>
- CC: Graham Klyne <Graham.Klyne@Baltimore.com>, w3c-rdfcore-wg@w3.org
Hi Ron, From one lazy slob to another, I wasn't, nor I think was anyone else, suggesting the working group take on the task of defining an algorithm for signing a model. Brian Ron Daniel wrote: > > Hi all, > > I'm back from vacation, starting to catch up on the > backlog. Apologies if this issue has already been settled, > I did not see such in the minutes. (Speaking of which, > I don't see the minutes for July 27 in the archive). > > Brian said: > > > I should have made clear that my hypothesis here is that it is > > the 'model' that was signed, not the document. > > There are not very many use cases for signing an internal > representation instead of the serialized form which is > actually transmitted. The main concerns people use signatures > to address are: > 1) Did this come from whom it purports to come from? > 2) Is this an unaltered version of what they sent? > Both of these are perfectly well-served by signing the > serialized form of a graph. Signing internal representations > ends up with a lot of problems around canonicalization > such as byte order issues, as well as a tendency to > restrict optimizations. > > There are some other reasons not to take on the task > of signing the 'model', including: > 1) insufficient number of WG members who are security experts > 2) interference with the chartered XML signatures work (which > is the group that does have the security experts) > 3) lack of demonstrated needs which can't be met by > signing the serialized form of a model. > 4) lack of charter to take this on > 5) time and effort > > Lazy slob that I am, I don't want to take on more work > than is needed. > > Ron Daniel Jr. > Standards Architect > Tel: +1 415 778 3113 > Fax: +1 415 778 3131 > Email: rdaniel@interwoven.com > > Visit www.interwoven.com > Moving Business to the Web
Received on Monday, 30 July 2001 19:47:04 UTC