- From: Joseph Reagle <reagle@w3.org>
- Date: Tue, 9 Apr 2002 09:30:43 -0400
- To: merlin <merlin@baltimore.ie>
- Cc: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, xml-encryption@w3.org
On Monday 08 April 2002 19:22, merlin wrote: > Does it need a new namespace? It's just deprecating an old ambiguous > algorithm URI and replacing it with a new, more explicit URI in the same > namespace. We're not changing the schema. I like the new algorithm-ID as well. (For my clarity, do you agree with the URI Donald proposed, with the "-p" on the end?) However, when we are in CR we have an obligation [a] not to cause existing implementations of that namespace to break with respect to application behaviour or invalidating existing syntax. You're right about the syntax, but we still have an obligation to return something if someone looks at the old URI. Either it should dereference to something saying it's deprecated, or continue to point to an older spec (and not the REC). [a] http://www.w3.org/1999/10/nsuri Consequently, I don't think we need to change the namespace of the whole spec. I think we have two decent solutions to choose from. (I prefer the first, so people know explicitly it is deprecated and it's less confusing.) (1) In the spec we say the following is deprecated: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p and replaced by http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1-sha1-p (2) Or we drop the old one from the spec all-together and replace it with a new one (notice the year/month change). http://www.w3.org/2002/03/xmlenc#rsa-oaep-mgf1-sha1-p I've repsented option 1 in: http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/Overview.html#sec-RSA-OAEP new revision: 1.172
Received on Tuesday, 9 April 2002 09:30:50 UTC