- From: Jose Kahan <jose.kahan@w3.org>
- Date: Thu, 8 Jul 2004 20:45:09 +0200
- To: www-xkms@w3.org
Hi,
Per my action item, I consulted with my colleagues how to make
the schema change. As I suspected it requires more verification
from our side. More precisely, quoting Dan Connolly's message:
---
The answer depends on real-world data about which design
is more widely deployed and what it costs (outside the WG
as well as inside) to change it.
---
We need to estimate what has been implemented and
what are the consequences of making this change, will it change
existing implementations and how much, how easy it will be for other
people to adopt the change.
If we can't give this estimation, we have to make this change in a way
that's fair to existing implementations. If it's too expensive,
we may opt to keep xkms:RSAKeyValue then.
You'll find here below a summary of the issues.
Please send your feedback as to whether this change will break
your implementation
-- What is the proposed change (from Tommy's mail)
The spec refers to xkms:RSAKeyPair to communicate the public and
private parts of an RSA key (section 6.4), but the schema and
the examples use xkms:RSAKeyValue. Tommy and Stephen propose to make the
change to xkms:RSAKeyPair as it makes more sense and this removes
any possible confusion with ds:RSAKeyValue.
-- What do actual implementations do now?
I don't know if current implementations are using RSAKeyValue or
RSAKeyPair. Have people used the schema or the spec itself
when defining their service?
I am not sure if this element is only used when doing an X-KRSS
recover operation or if it can be used elsewhere. Maybe when
generating or registrering a key.
-- How will this change existing test cases?
-- What we will do if some peple say yes and some say no to this change?
-- Do the resulting implementations interoperate?
--- What are the failure modes? clearly reported errors
or subtle security bugs?
-- Who's likely to say yes? Who's likely to say no?
-jose
Received on Thursday, 8 July 2004 14:46:15 UTC