xri message


Subject: Re: [xri] SimpleSign for establishing the authenticity of XRD.


Nat wrote>
>> If we are to take this file based approach, we have to define how the
>> signature will work for XRDS.

That seems easy.  We can reuse the exact same algorithm and XML
schema, right?  So long as we are using a single key to sign a single
document, there's no problem.  We get into messiness if we need to
include signatures from several different keys in the same document.
Do you need to do that, and if so why?

Nat wrote>
> Also, I would like to re-iterate that CanonicalID is not a usual domain
> name (= re-assignable.)
> It has to be a cool URI with fragments or i-number kind of ID that is
> guaranteed not to be re-assigned to another entity by the relevant CA.

I'm really, really confused by this.  Thanks for starting the new
thread on this topic.

Markus wrote>
> As far as your Signature Method proposals are concerned, I think I
> like 2.1 best. With a well designed RegExp I think this can be done
> quite easily.

No, it can't.  If you think it can please build a prototype, I'll show
you an XML file it can't parse, and then we can iterate until you give
up. =)

We can come up with simple canonicalization algorithms only if we
restrict the statements we are trying to express.  Full-fledged XML
requires something like full-fledged XML canonicalization as defined
in XML DSIG.

Name/value pairs, like OpenID or OAuth, are much easier to deal with,
but I suspect we want to include more than name/value pairs in XRD.

Cheers,
Brian
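
An added example, not part of the original message: it shows why a signature over XML needs real canonicalization, by signing one serialization of a document and verifying against an equivalent one under three normalizers. The sample documents, the key, `regex_normalize` and the HMAC (standing in for a real signature) are all constructed for illustration, and Python's standard-library C14N 2.0 stands in for the canonicalization XML DSIG relies on.

```python
import hashlib
import hmac
import re
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a signature

# Constructed samples: the same XRD-like document serialized two ways.
# They differ in quote style, attribute order, empty-element form, and
# CDATA versus escaped text. An XML parser sees identical content.
DOC_A = ('<XRD xmlns="http://example.org/xrd-sample">'
         '<Service priority="10" id="s1">'
         '<URI>http://example.org/?a=1&amp;b=2</URI>'
         '<Type></Type></Service></XRD>')
DOC_B = ("<XRD xmlns='http://example.org/xrd-sample'>"
         "<Service id='s1' priority='10'>"
         "<URI><![CDATA[http://example.org/?a=1&b=2]]></URI>"
         "<Type/></Service></XRD>")

def regex_normalize(xml: str) -> str:
    """Hypothetical regex 'canonicalizer' with two rewrite rules."""
    xml = re.sub(r"='([^']*)'", r'="\1"', xml)              # unify quotes
    xml = re.sub(r"<(\w+)([^>]*)/>", r"<\1\2></\1>", xml)   # expand <x/>
    return xml

def sign(xml: str, normalize) -> str:
    """MAC over the normalized serialization of the document."""
    data = normalize(xml).encode("utf-8")
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def verifies(signed_doc: str, received_doc: str, normalize) -> bool:
    """True if a MAC made over signed_doc validates received_doc."""
    return hmac.compare_digest(sign(signed_doc, normalize),
                               sign(received_doc, normalize))

def results() -> dict:
    """Sign DOC_A, verify DOC_B, once per normalizer."""
    normalizers = (("raw", str), ("regex", regex_normalize),
                   ("c14n", canonicalize))
    return {name: verifies(DOC_A, DOC_B, fn) for name, fn in normalizers}

if __name__ == "__main__":
    for name, ok in results().items():
        print(f"{name:5s} verifies: {ok}")
```

The regex version fixes the quoting and the empty element but still fails on attribute order and the CDATA section; each further rule it would need is another piece of an XML parser.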

