Hi Marcos,
On Jan/31/2011 2:18 PM, ext Marcos Caceres wrote:
On 1/31/11 7:52 PM, Arthur Barstow wrote:
Andrey - on January 26, Marcos proposed changing the c14n algorithm in
[1] and [2] and notified the group in [3] that he updated the Editor's
Draft [ED] to reflect his proposal. He included rationale in [1].
Marcos - in what way(s) does your proposal break the signer and
validator conformance classes as defined in the June 2010 CR [CR]?
It would remove all references and dependencies on XML
Canonicalization 1.1 in favor of XML Canonicalization 1.0. Explicit
<tranform> to Canonicalization 1.1 would no longer be needed (XML Dig
Sig just defaults to 1.0). Everything else stays the same.
If an "old" widget is signed according to [CR] i.e. uses the ExC14N
algorithm and a "new" validator is implemented according to the proposed
changes (now reflected in [ED), then what happens when this new
validator process this old widget? Based on what you and I just
discussed in IRC, I believe the validation will fail. Correct?
It would be useful if we had at least a general idea regarding the
number of widgets "in the wild" that are signed using the ExC14N
algorithm. If anyone has relevant data, please send it to this mail list.
-Art Barstow
[1]
http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0247.html
[2]
http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0250.html
[3]
http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0254.html
[ED] http://dev.w3.org/2006/waf/widgets-digsig/
[CR] http://www.w3.org/TR/2010/CR-widgets-digsig-20100624/#conformance
