OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

regrep message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [regrep] Vote on version 2.03 - ACTION ITEM


Anne,

I must say that you and Sally have done a superb job on the specs
throughout V2.0. It is a very tough job and the only reward is the
appreciation of your colleagues and the adoption of the specs. I have my
hats off to you for the tremendous effort you put in specially in the
last few weeks right on till the very last minute of publishing the
specs. I know that you even worked part of the weekend of your wedding
anniversary.

The result of this good work is that our specs are of high quality and
something we can all be proud off.

--
Regards,
Farrukh


Anne Fischer wrote:

> FYI – There are 33,344 words in the v2.03 specification.12
> grammatical/spelling errors were pointed out yesterday.That makes the
> spec 99.97% accurate in regards to quality.I would say that is good
> enough to vote on.
>
> Anne A. Fischer
>
> Drummond Group, Inc.
>
> 817.371.2367
>
> -----Original Message-----
> From: Munter, Joel D [mailto:joel.d.munter@intel.com]
> Sent: June 13, 2002 11:14 AM
> To: 'Farrukh Najmi'
> Cc: 'Oasis Registry TC'
> Subject: RE: [regrep] Vote on version 2.03 - ACTION ITEM
>
> farrukh, et al,
>
> with respect to making any changes to a specification after a review
> of it has been done, we fundamentally disagree.  is this farrukh';s
> position or the position of the oasis ebxml registry tc?  i believe
> very strongly in quality, even at the cost of schedule.  what you
> suggest violates all of my (common) sensibility.  this sets/continues
> a very bad precedent.  as i have in the past, i will continue to
> disagree with you but will understand if the process moves on around
> me.  in this case however, i will not disagree and commit.  i cannot
> vote yes for something that is wrong.
>
> joel
>
> -----Original Message-----
> From: Farrukh Najmi [mailto:Farrukh.Najmi@Sun.COM]
> Sent: Thursday, June 13, 2002 9:09 AM
> Cc: 'Oasis Registry TC'
> Subject: Re: [regrep] Vote on version 2.03 - ACTION ITEM
>
> Joel,
>
> I was specifically referring to the issue you raised regarding
> requiring digital signatures on payloads.
>
> BTW the rationale for this requirement was that since registries
> cannot afford to verify integrity of submitted content and their
> source, a digital signature would at least provide a link to the
> source of the content.
>
> Of course I agree that typos and the "public vs. private bug" must be
> fixed in 2.1. I do however disagree that a second review cycle and
> vote should be necessary for fixing minor typos like this. I think we
> can simply say we approve the specs with specific comments they want
> to make sure are addresses.
>
> --
> Regards,
> Farrukh
>
> "Munter, Joel D" wrote:
>
> Please see my recent response to Suresh.  On the 1st two security
> related issues highlighted below, I agree. However, I strongly believe
> that the public vs. private bug (highlighted) below, as well as the
> bunch of spelling and grammatical errors that I noted in my original
> post the other day should be fixed prior to the release of v2.1.  Even
> if this means another review/approval cycle. Joel
>
> -----Original Message-----
> From: Farrukh Najmi [mailto:Farrukh.Najmi@Sun.COM]
> Sent: Thursday, June 13, 2002 8:45 AM
> To: Munter, Joel D
> Cc: 'Damodaran, Suresh'; 'Oasis Registry TC'
> Subject: Re: [regrep] Vote on version 2.03 - ACTION ITEM
>
> Joel,
>
> V2.1 is intended to be a bug fix release and not for arbitrary changes
> to the spec. We have required digital signatures on payloads since the
> earliest versions of the specs. This was not objected to by anyone in
> V1.0 or V2.0. Making any changes here would be major and I would
> advice strongly against it.
>
> --
> Regards,
> Farrukh
>
> "Munter, Joel D" wrote:
>
> My primary argument is, "financial and technological barriers to
> entry."  Certificate acquisition and management are not free and not
> trivial.  From a practical point, I may choose to make some things
> that I publish, purely public and dsig just simply is not required.  I
> want to be able to choose what I sign.  imho Signing entries should be
> optional.  It has been suggested (by others) that the first two might
> be reconsidered in the V3 timeframe.Joel
>
> -----Original Message-----
> From: Damodaran, Suresh [mailto:Suresh_Damodaran@stercomm.com]
> Sent: Thursday, June 13, 2002 7:57 AM
> To: 'Munter, Joel D'; 'Oasis Registry TC'
> Cc: Mikula, Norbert H
> Subject: RE: [regrep] Vote on version 2.03 - ACTION ITEM
>
> Joel,Responses to your security related, "non-typo" type of comments
> below.Regards,-Suresh
> Sterling Commerce
>
> -----Original Message-----
> From: Munter, Joel D [mailto:joel.d.munter@intel.com]
> Sent: Wednesday, June 12, 2002 5:45 PM
> To: 'Oasis Registry TC'
>
> <snip>line 3696:3697: I still believe that this specification should
> NOT mandate digital signature for all content per the statement "The
> Registry Client has to sign the contents before submission - otherwise
> the content will be rejected."line 3733:3734: I have the same
> objection to mandating digital signatures on payloads per the text
> "This packaging assumes that the payload is always signed."
> [Damodaran, Suresh] What is your rationale behind your objection?line
> 3876:3877: Should the second occurrence of public key in the following
> sentence, "To validate a signature, the recipient of the signature
> needs the public key corresponding to the signer's public key.,"
> actually be private key?  If not then something else seems very
> awkward about this sentence.
> [Damodaran, Suresh] You are right. It should be "private key." <snip>
>






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC