On Wednesday 04 January 2012 09:19:51 Arthur Barstow wrote:
> In case it isn't clear, I don't think anyone suggested the ECC stuff
> should be "deprecated". On the contrary, I think it makes sense for ECC
> to be an algorithm for XMLDigSig1.1. However, some of us have advocated
> the syntax be s
On 1/3/12 4:22 AM, ext Rigo Wenning wrote:
My aim as PAG chair is to conclude by March. The solution is still open. We
don't know yet whether the algorithms used by XML SIG or ENC really violate
the declared patents. We will hopefully know until then.
I'm still waiting for one response from MIT
Hi all,
Frederick is innocent!
My aim as PAG chair is to conclude by March. The solution is still open. We
don't know yet whether the algorithms used by XML SIG or ENC really violate
the declared patents. We will hopefully know until then.
I'm still waiting for one response from MIT but wil
On Tuesday, 3 January 2012 at 13:07, frederick.hir...@nokia.com wrote:
> No I am not.
>
> Marcos took my email that expressed my hopes and turned it into a hard
> deadline, which I do not agree with.
I'm also *hopeful* that it will be published sometime in March. If not, it's no
drama to up
No I am not.
Marcos took my email that expressed my hopes and turned it into a hard
deadline, which I do not agree with.
I suggest we let Rigo/Thomas continue this thread.
regards, Frederick
Frederick Hirsch
Nokia
On Jan 3, 2012, at 7:23 AM, Arthur Barstow wrote:
> On 12/29/11 11:18 AM,
On 12/29/11 11:18 AM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
Marcos
My expectation is that we should have a PAG update on progress in the first week of January
(hopefully) and a timeline like Rigo noted, with full resolution of the iPR issue by March - but
only the PAG chair knows the real
On Thursday, 29 December 2011 at 16:22, Marcos Caceres wrote:
>
>
>
> On Thursday, 29 December 2011 at 16:18, frederick.hir...@nokia.com
> (mailto:frederick.hir...@nokia.com) wrote:
>
> > Marcos
> >
> > My expectation is that we should have a PAG update on progress in the first
> > week
On Thursday, 29 December 2011 at 16:18, frederick.hir...@nokia.com wrote:
> Marcos
>
> My expectation is that we should have a PAG update on progress in the first
> week of January (hopefully) and a timeline like Rigo noted, with full
> resolution of the iPR issue by March - but only the PA
Marcos
My expectation is that we should have a PAG update on progress in the first
week of January (hopefully) and a timeline like Rigo noted, with full
resolution of the iPR issue by March - but only the PAG chair knows the reality
since my expectations are as a "customer" of the PAG output. I
On Thursday, 29 December 2011 at 14:11, frederick.hir...@nokia.com wrote:
> As I said before, this action is premature and we should let the PAG conclude
> (or at least wait for a status report) - the W3C Team may have more to say,
> but if this is on the order of weeks I do not think making
As I said before, this action is premature and we should let the PAG conclude
(or at least wait for a status report) - the W3C Team may have more to say, but
if this is on the order of weeks I do not think making work here to have
apparent progress is useful. I have not seen a definitive stateme
On Wednesday, 21 December 2011 at 16:25, Rigo Wenning wrote:
> Hi Art,
>
> the pessimistic XMLSECPAG chair told you that it wouldn't resolve within
> days.
> But I hope to have a clear view and plan by the end of January. Executing
> that
> plan may take some time. Plan is to resolve unti
Hi Art,
the pessimistic XMLSECPAG chair told you that it wouldn't resolve within days.
But I hope to have a clear view and plan by the end of January. Executing that
plan may take some time. Plan is to resolve until end of March, if everything
goes well. Well meaning a decision of the PAG and
TLR, FH, XMLSecWG,
On 12/21/11 6:03 AM, ext Marcos Caceres wrote:
Lets go back an look at the options we have to divorce Widgets/XML Dig Sig
from Elliptic Curve:
1. Remove ECC from XML Dig Sig (in my opinion, "the right thing to do"™):
pros:
- frees both XML Dig Sig and Widgets
As fun as this is, all this mud slinging is really not getting us anywhere
useful.
Lets go back an look at the options we have to divorce Widgets/XML Dig Sig
from Elliptic Curve:
1. Remove ECC from XML Dig Sig (in my opinion, "the right thing to do"™):
pros:
- frees both XM
TL;DR: JC and Leonard are right.
Pointing to a moving target makes any statement about conformance pretty
much unusable in the real world. Which is significantly worse than having
a statement of conformance to something known to contain errors and bugs.
Browsers don't implement "living standards
On Mon, Dec 19, 2011 at 9:43 AM, Glenn Adams wrote:
> in other words, I believe that the W3C's tasks do not necessarily have to
> include normatively defining specific concrete version mappings for
> dependent spec references; this can be accomplished in (2), which need not
> be done by the W3C (
conformance definitions are not compliance testing; i did not use the word
"conformance";
there are (at least) four different, independent tasks here:
1. defining conformance specifications
2. defining compliance test specifications
3. performing certification (i.e., applying compliance
On 19/12/11 16:55 , Glenn Adams wrote:
...However, the W3C has historically not defined compliance test
specifications or perform compliance testing of either content,
servers, or clients...
JCD: To name just the specs I know because I participated in writing them:
- SVGT 1.2 appendix D: confor
+1 for Marcos' position. If the W3C performed compliance testing, then it
would perhaps be more appropriate to reference specific versions, at least
in a compliance test specification. However, the W3C has historically not
defined compliance test specifications or perform compliance testing of
eit
Jean-Claude,
On Monday, December 19, 2011 at 12:37 PM, Jean-Claude Dufourd wrote:
> Marcos
>
> You are replying beside the point everywhere.
> Please read again what Leonard wrote about undated references. Leonard
> is right.
I'm sorry, but Leonard is not correct: this is the W3C, not ISO.
Marcos
You are replying beside the point everywhere.
Please read again what Leonard wrote about undated references. Leonard
is right.
In ISO specs, undated references are forbidden. There is a team of
people (called ITTF) whose job includes checking these things and
bugging spec editors to fix
On Monday, December 19, 2011 at 8:55 AM, Jean-Claude Dufourd wrote:
> On 18/12/11 20:31 , Marcos Caceres wrote:
> >
> > On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
> >
> > > Undated references (what you are suggesting) has the MAJOR PROBLEM that
> > > it makes it DIFFI
On 18/12/11 20:31 , Marcos Caceres wrote:
On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
Undated references (what you are suggesting) has the MAJOR PROBLEM that it
makes it DIFFICULT/IMPOSSIBLE to do validation of any product that claims
conformance to a standard – since i
On Dec 18, 2011, at 8:49 PM, Leonard Rosenthol wrote:
> On 12/18/11 2:31 PM, "Marcos Caceres" wrote:
>> On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
>>> Undated references (what you are suggesting) has the MAJOR PROBLEM that
>>> it makes it DIFFICULT/IMPOSSIBLE to do valid
On 12/18/11 2:31 PM, "Marcos Caceres" wrote:
>On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
>> Undated references (what you are suggesting) has the MAJOR PROBLEM that
>>it makes it DIFFICULT/IMPOSSIBLE to do validation of any product that
>>claims conformance to a standard si
On Sunday, December 18, 2011 at 5:45 PM, Leonard Rosenthol wrote:
> Undated references (what you are suggesting) has the MAJOR PROBLEM that it
> makes it DIFFICULT/IMPOSSIBLE to do validation of any product that claims
> conformance to a standard – since it's impossible to determine which vers
mailto:public-webapps@w3.org>"
mailto:public-webapps@w3.org>>,
"public-xml...@w3.org<mailto:public-xml...@w3.org>"
mailto:public-xml...@w3.org>>
Subject: Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?
I think I have a better solution...
1.
I think I have a better solution...
1. Widgets points to unversioned: http://www.w3.org/TR/xmldsig-core/
2. when XML dig sig pag finishes and spec goes to rec, XML Dig Sig 1.X (and
future versions) gets put at http://www.w3.org/TR/xmldsig-core/
3. Done.
That way widgets always just depend on lat
On 12/15/11 11:51 AM, ext Brian LaMacchia wrote:
Hello all,
Sorry for coming to this thread late (I'm on vacation) but I want to comment on
a number of points raised during this thread:
1) Concerning the suggestion to move ECDSA out of XMLDSIG 1.1, that suggestion
is a non-starter for XMLDSIG
On Thursday, December 15, 2011 at 4:51 PM, Brian LaMacchia wrote:
> 3) Widget-DSig's choice of RSA-4096 is particularly surprising given the
> increased size of the signature & verification cost relative to ECDSA-SHA256.
> That's not going to be efficient to validate, especially not for smartp
On Thursday, December 15, 2011 at 4:51 PM, Brian LaMacchia wrote:
> Hello all,
>
> Sorry for coming to this thread late (I'm on vacation) but I want to comment
> on a number of points raised during this thread:
>
> 1) Concerning the suggestion to move ECDSA out of XMLDSIG 1.1, that
> sugge
Subject: Re: [widgets] How to divorce widgets-digsig from Elliptic Curve PAG?
Works for me, too.
--
Thomas Roessler, W3C(@roessler)
On 2011-12-13, at 22:14 +0100, Philippe Le Hegaret wrote:
> On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
>> Hi All,
>>
>> T
Works for me, too.
--
Thomas Roessler, W3C(@roessler)
On 2011-12-13, at 22:14 +0100, Philippe Le Hegaret wrote:
> On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
>> Hi All,
>>
>> The Widgets DigSig spec [W-DigSig] has been sitting in PR for over 4
>> months now, blocked on th
On Wednesday, December 14, 2011 at 10:31 PM, Marcos Caceres wrote:
>
>
> On Wednesday, 14 December 2011 at 21:06, Rigo Wenning wrote:
>
> > Hi all,
> >
> > as the PAG chair of this XMLSEC PAG, let me tell you that support from the
> > industry in sorting this out was low so far. What I hea
On Wednesday, 14 December 2011 at 21:06, Rigo Wenning wrote:
> Hi all,
>
> as the PAG chair of this XMLSEC PAG, let me tell you that support from the
> industry in sorting this out was low so far. What I heard through the
> grapevine was more or less: "We know, but we can't tell you".
>
>
Hi all,
as the PAG chair of this XMLSEC PAG, let me tell you that support from the
industry in sorting this out was low so far. What I heard through the
grapevine was more or less: "We know, but we can't tell you".
For the moment, W3C is asking for cost estimates to figure out what most of
t
This certainly WFM.
TLR, PLH - what needs to be done to make this happen?
-AB
On 12/14/11 2:21 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
this seems logical, in that any outcome for ECC (ranging from continued
inclusion to removal) would have no impact on widget signature given this lack
this seems logical, in that any outcome for ECC (ranging from continued
inclusion to removal) would have no impact on widget signature given this lack
of specific dependency.
regards, Frederick
Frederick Hirsch
Nokia
On Dec 14, 2011, at 2:12 PM, ext Marcos Caceres wrote:
>
>
> On Tuesday
On Tuesday, December 13, 2011 at 9:14 PM, Philippe Le Hegaret wrote:
> On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
>
> An other one was for the Director to decide to move the document forward
> anyway because W-DigSig doesn't depend on ECC.
>
> Thomas, any suggestion?
>
I person
I'm suggesting we let the XMLSec PAG conclude before taking that step (or
another possibility), but obviously that depends on the PAG timeline going
forward.
regards, Frederick
Frederick Hirsch
Nokia
On Dec 14, 2011, at 2:08 PM, Arthur Barstow wrote:
> So what about option #2 below? -AB
So what about option #2 below? -AB
On 12/14/11 2:00 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
Art
I think switching the dependency to XML Signature 1.0 is a bad idea, noting
that 1.1 has fixed errors, and addressed security vulnerabilities, including
updates to algorithms (other than ecc
oops, wrong explain, instead see
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/explain.html 6.1, 6.2*,
6.3.1, 6.4.2 (e.g. move away from SHA-1)
regards, Frederick
Frederick Hirsch
Nokia
On Dec 14, 2011, at 2:00 PM, Hirsch Frederick (Nokia-CIC/Boston) wrote:
> Art
>
> I think switchi
Art
I think switching the dependency to XML Signature 1.0 is a bad idea, noting
that 1.1 has fixed errors, and addressed security vulnerabilities, including
updates to algorithms (other than ecc) to address known weaknesses.
details in http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/explain
On Tue, 2011-12-13 at 13:14 -0500, Arthur Barstow wrote:
> Hi All,
>
> The Widgets DigSig spec [W-DigSig] has been sitting in PR for over 4
> months now, blocked on the Elliptic Curve PAG [ECC-PAG]. AFAICT, this
> PAG has just started its unspecified length Fishing Expedition seeking
> some uns
Hi All,
The Widgets DigSig spec [W-DigSig] has been sitting in PR for over 4
months now, blocked on the Elliptic Curve PAG [ECC-PAG]. AFAICT, this
PAG has just started its unspecified length Fishing Expedition seeking
some unspecified level of funds to pay for some type of analysis that
will
46 matches
Mail list logo