OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [security-services] [XML Signature]SAML profile of XML Signature


Rich,

	Appreciate the comments.

	1.	RSA over DSA, do we care ? I mean, isn't it a function of the security
requirements ? We could, of course, add a statement saying "The RECOMMENDED
... " Any rationale to be added as a part of the recommendation ?

	2.	C14N w/Comments : My rationale in preserving the comments was to sign as
much as possible in line with the "What is not signed is not secure"
principle. Come to think of it, may be it does not make any sense preserving
the comments for signing. I am open to use the C14N without comments.

	3.	Can you please let me know the editorial changes ?

	Once again, thanks for the quick reply

cheers and have a good night

 | -----Original Message-----
 | From: Rich Salz [mailto:rsalz@zolera.com]
 | Sent: Wednesday, October 24, 2001 10:22 PM
 | To: Krishna Sankar
 | Cc: oasis sstc
 | Subject: Re: [security-services] [XML Signature]SAML profile of XML
 | Signature
 |
 |
 | I'd like to see you recommend RSA and avoid DSA.
 | I'd like to know why you recommend preserving comments in C14N.
 |
 | Other then that -- and a few trivial word edits -- looks okay to me.
 | 	/r$
 | --
 | Zolera Systems, Securing web services (XML, SOAP, Signatures,
 | Encryption)
 | http://www.zolera.com
 |
 | ----------------------------------------------------------------
 | To subscribe or unsubscribe from this elist use the subscription
 | manager: <http://lists.oasis-open.org/ob/adm.pl>
 |



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC