RE: [regrep] Vote on version 2.03 - ACTION ITEM

["Munter, Joel D" <joel.d.munter@intel.com>]

My primary argument is, "financial and technological barriers to entry."  Certificate acquisition and management are not free and not trivial.  From a practical point, I may choose to make some things that I publish, purely public and dsig just simply is not required.  I want to be able to choose what I sign.  imho Signing entries should be optional.  It has been suggested (by others) that the first two might be reconsidered in the V3 timeframe.

Joel 

 

-----Original Message-----
From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
Sent: Thursday, June 13, 2002 7:57 AM
To: 'Munter, Joel D'; 'Oasis Registry TC'
Cc: Mikula, Norbert H
Subject: RE: [regrep] Vote on version 2.03 - ACTION ITEM

Joel,

 

Responses to your security related, "non-typo" type of comments below.

 

 

Regards,

-Suresh
Sterling Commerce  

-----Original Message-----
From: Munter, Joel D [mailto:joel.d.munter@intel.com]
Sent: Wednesday, June 12, 2002 5:45 PM
To: 'Oasis Registry TC'

 

<snip>

 

line 3696:3697: I still believe that this specification should NOT mandate digital signature for all content per the statement "The Registry Client has to sign the contents before submission - otherwise the content will be rejected."

 

line 3733:3734: I have the same objection to mandating digital signatures on payloads per the text "This packaging assumes that the payload is always signed."
[Damodaran, Suresh] What is your rationale behind your objection?

 

line 3876:3877: Should the second occurrence of public key in the following sentence, "To validate a signature, the recipient of the signature needs the public key corresponding to the signer's public key.," actually be private key?  If not then something else seems very awkward about this sentence.
[Damodaran, Suresh] You are right. It should be "private key." 

 

<snip>