[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes: XRI TC Telecon 2-3PM PT Thursday 2009-06-11
Following are the minutes of the unofficial telecon of the XRI TC at: Date: Thursday, 11 June 2009 USA Time: 2:00PM - 3:00PM Pacific Time (21:00-22:00 UTC) (Note: Drummond could not attend so these minutes were taken by John.) ATTENDING Scott Cantor Nat Sakimura Will Norris John Bradley REGRETS Drummond Reed Eran Hammer-Lahav 1) DO WE STILL NEED A SIMPLE SIGNING METHOD? Among the attendees on this call, the consensus was, "probably not". Nat is still concerned about adoption, and is looking for more feedback from the OpenID mailing list. John cynically thinks signing will not be popular with some people no matter what the canonicalization method is. Scott is going to create a description of the constrained form. Scott added the following comment in email: ***** BEGIN QUOTE ***** Just for the permanent record, on the sparsely attended call today I raised one of my other concerns about the proliferation of proprietary signing mechanisms in specs, which is algorithm agility. I had been planning to mention to Will that copying the SAML spec's outdated recommendation to use RSAwithSHA1 as the signing algorithm was probably not the ideal choice, since SHA256 is gradually replacing SHA1 as the current "best option" until the new hash standard is done. The more one duplicates signing functionality across multiple spots in the software stack, the harder it is to maintain control over the algorithms being used and maintain some degree of agility as these old algorithms fall into disrepair. ***** END QUOTE ***** John thinks that once implementers try c14n once they will like it "like green eggs and ham", as Dr. Suess said. He said that making sure the 5 or 6 main OpenID libraries support it will cover 90% of the initial users. 2) OTHER XRD 1.0 ISSUES Will raised the question of TargetSubject and how that would work when delegating entire domains. It may be that using TargetAuthority will be sufficient. Will is exploring use cases.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]