[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xri] Quick overview of descriptor discovery flow
Hi Eran, Eran Hammer-Lahav wrote: > Comments inline. > > >> -----Original Message----- >> From: Nat Sakimura [mailto:n-sakimura@nri.co.jp] >> Sent: Wednesday, December 17, 2008 4:15 AM >> >> I was wondering if we should stick to XML DSig sintax for describing >> X509 certs data etc. Since it is not XML DSig anymore, I was wondering >> if using ds:... could be a bit confusing. >> > > I think the value of reusing a namespace is only there if existing software can do something smart with it. If not, we should define a new ns. > > >> Also, when we take into the XRI resolution <XRDS> use case, the file >> signing alone would not solve the issue. Brian, John and I have been >> discussing about it for a week or so now. >> > > Can you explain? > > XRI resolution use case, each XRD in a XRDS will be signed by different authority. Thus, file signing does not work. To mitigate this problem, we started to contemplate on having a field that has base 64ed <xrd> itself inside. They are http://wiki.oasis-open.org/xri/XrdOne/SecureXrd Please have a look. =nat
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]