[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [wss] WSS-X509 - Review contribution
> 3. References (general). The use of identifiers such as > [DIGSIG] in line > 151 while > traditional in some standards can be problematic. Please consider > changing all > reference identifiers to simple numbers like [1]. The use of text > here has marginal > benefit for readers, and in a set of documents such as in > WSS, begs > for common > agreement or coordination between documents in a way that use of > simple > numbers does not. Using text is also error prone. See, > [X509], for a > similar > problem below. There are many standards that could be > labeled with > "X509". I strongly disagree here. I am always irritated by numbered references, they make me work to look up references which are usually pretty standard. The ambiguity between documents referenced by [X.509] does not worry me at all since the choice of document to reference is usually arbitrary. For most internet related specs the referent of something like [RFC822] is immediately apparent. Synchronization between documents is not a major problem. > 4. Line 151, change reference to identify author > > R. Shirley, Internet Security Glossary, > http://www.ietf.org/rfc/rfc2828.txt, IETF RFC 2828, May 2000. OK > 5. Lines 162-165 > > This hypertext link takes you to the ITU-T Electronic > Bookstore where the > X.509 standard can be downloaded for free. This link does > not appear > to belong > with the document cited, which I believe should probably be > > S. Satesson, W. Polk, P. Barzin, M. Nystrom, Internet > X.509 Public Key > Infrastructure Qualified Certificates Profile, > http://www.ietf.org/rfc/rfc2828.txt, > IETF RFC 3039, January 2001. Not close! The qualified certificates draft reference in the text appears to have come from somewhere else, qualified certificates are not relevant to WS-Security. The hyperlink is correct, the citation is not, will fix. > 6. The footing indicates that this document is the core specification > document, > WSS-Core-01. OK > 7. Lines 3, 17, 52, 80, 87, 98, 127, and 132, change "X509" > to "X.509". OK > Add a > reference to the X.509 standard. For example, > > ISO/IEC 9594-8: Information technology (2000) | ITU-T > Recommendation > X.509 (2001), Open Systems Interconnection -- The Directory: > Authentication > framework, http://www.itu.int/rec/recommendation.asp?type=items&lang=e &parent=T-REC-X.509-200003-I. Yep, see comment to 5, qualified certs are not what we are doing! ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
Attachment:
smime.p7s
Description: application/pkcs7-signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC