On 4/14/09 2:51 PM, timeless wrote:
Marcos Caceres<[email protected]> wrote:
Although I agree that it was probably a short-sightedness mistake on
our part to not have looked at JAR signing at the start of this
process, I think it is too late for you to ask us to dump over a year
worth of work on this spec - especially as we are about to go to Last
Call and have significant industry support (BONDI) for using XML
Signatures.
Although I also agree that there are issues with
canonicalization, I find it hard to believe that JAR signatures are
not without their own problems. I think it would be more productive to
help us address the issues that you mentioned, instead of asking us to
dump everything and start again.
I'm willing to drop XML signing :)
I guess I never really understood enough about why we went off on XML
signing and didn't think to ask why we didn't look at JAR signing :(
I guess it was "it was not done here (w3c)" syndrome.
Kind regards,
Marcos
