[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] SimpleSign for estabilishing the authenticity of XRD.
> Markus wrote> >> As far as your Signature Method proposals are concerned, I think I >> like 2.1 best. With a well designed RegExp I think this can be done >> quite easily. > > No, it can't. If you think it can please build a prototype, I'll show > you an XML file it can't parse, and then we can iterate until you give > up. =) Hmm you're probably right.. After thinking about it again, processing an XML file in some non-XML way doesn't sound like a good idea. Markus On Wed, Dec 10, 2008 at 10:43 PM, Brian Eaton <beaton@google.com> wrote: > Nat wrote> >>> If we are to take this file based approach, we have to define how the >>> signature will work for XRDS. > > That seems easy. We can reuse the exact same algorithm and XML > schema, right? So long as we are using a single key to sign a single > document, there's no problem. We get into messiness if we need to > include signatures from several different keys in the same document. > Do you need to do that, and if so why? > > Nat wrote> >> Also, I would like to re-iterate that CanonicalID is not a usual domain >> name (= re-assignable.) >> It has to be a cool uri with fragments or i-number kind of ID that is >> guarantee not to be re-assigned to another entity by the relevant CA. > > I'm really, really confused by this. Thanks for starting the new > thread on this topic. > > Markus wrote> >> As far as your Signature Method proposals are concerned, I think I >> like 2.1 best. With a well designed RegExp I think this can be done >> quite easily. > > No, it can't. If you think it can please build a prototype, I'll show > you an XML file it can't parse, and then we can iterate until you give > up. =) > > We can come up with simple canonicalization algorithms only if we > restrict the statements we are trying to express. Full-fledged XML > requires something like full fledged XML canonicalization as defined > in XML DSIG. > > Name/value pairs, like OpenID or OAuth, are much easier to deal with, > but I suspect we want to include more than name/value pairs in XRD. > > Cheers, > Brian >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]