OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xri] Second thoughts


On Tue, Feb 2, 2010 at 15:34, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> First, WRAP is running away from crypto in general. It is based on the assumption that client developers are limited.
>
> We would all love to find a signature process that does not require canonicalization but that means moving the signature to the transport layer or in a separate document. We are going to leave the XML DSig in because it is very useful to have. But if you have new proposals, it would be great to consider them for the immediate set of protocols looking to use XRD.

I think the approach with these standards is to have the payload base
64 encoded and attached with the signature.

The clients download the payload, (optionally) verify the signature,
and then extract the content (enveloping signature).


>
> However, I would like us not to lose focus considering we do not have alternatives at this point.
>
> EHL
>
>> -----Original Message-----
>> From: Breno de Medeiros [mailto:breno@google.com]
>> Sent: Tuesday, February 02, 2010 2:59 PM
>> To: xri@lists.oasis-open.org
>> Subject: [xri] Second thoughts
>>
>> Looking at developments since our decision to use XML DSig to sign XRD
>> documents:
>>
>> - OAuth WRAP was launched with canonicalization-free signatures for tokens
>> - Proposal for Salmon signatures based on canonicalization-free signatures on
>> streams
>>
>> I am increasingly concerned that the directions is going away, not towards,
>> meeting XML DSig.
>>
>> --
>> --Breno
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-
>> open.org/apps/org/workgroup/portal/my_workgroups.php
>
>



-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]