At 11:38 PM -0500 2/23/06, Robert Sayre wrote:
On 2/23/06, Paul Hoffman <[EMAIL PROTECTED]> wrote:

 >That's why we added a
 >bunch of specifics to the XML Security section in the format document.

 Quite true. In the case of the format document, there was one
 standard way to protect XML data.

We didn't use the standard way. We explicitly instructed implementors
to ignore mandatory-to-implement requirements in XML-Dsig and XML-Enc,
and use our better way. See RFC4287, section 5.1 paragraph 5, section
5.1 paragraph 7, and section 5.2 paragraph 2.

Good point.

That may have been
totally reasonable. I don't really know.

We hope it was. :-)

 > For HTTP, there are many.

Almost all of them aren't any good, and the most popular way is to use
cookies. So maybe we could say that.

We don't have to be rude and say that they "aren't any good", but we should say that there is no single standard and that none of the standards are obviously compelling.

--Paul Hoffman, Director
--Internet Mail Consortium
