OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xri message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xri] Comment on call re: algorithm agility

Drummond Reed wrote on 2009-06-12:
> So Scott, from a spec standpoint, what does this mean we should/should not
> do in the XRD 1.0 spec?

I was making two points, one purely pragmatic.

Whatever/however signing is done, SHA-256 should probably be the recommended
or MTI digest algorithm for hashing and as part of the RSA operation. (With
XML Signatures, you have to pay attention to both the digest alone for the
Reference and then as part of the signature over SignedInfo.)

The other argument was that reinventing signatures in each standard leads to
greater effort in achieving agility across the full stack of code you're
deploying.
 
-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]