[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xri] Comment on call re: algorithm agility
Thanks, Scott. I agree that referencing a signature standard that can independently evolve (and implementations can track it) is better than creating our own. I'd just like to make sure we can address the concerns such as Nat's that we not go down a path that will exclude certain communities where we really want to see XRD signatures adopted. Discovery really is a bootstrap layer for trust, which is why this decision is so important for the TC. =Drummond > -----Original Message----- > From: Scott Cantor [mailto:cantor.2@osu.edu] > Sent: Thursday, June 11, 2009 9:47 PM > To: 'Drummond Reed'; 'XRI TC' > Subject: RE: [xri] Comment on call re: algorithm agility > > Drummond Reed wrote on 2009-06-12: > > So Scott, from a spec standpoint, what does this mean we should/should > not > > do in the XRD 1.0 spec? > > I was making two points, one purely pragmatic. > > Whatever/however signing is done, SHA-256 should probably be the > recommended > or MTI digest algorithm for hashing and as part of the RSA operation. > (With > XML Signatures, you have to pay attention to both the digest alone for the > Reference and then as part of the signature over SignedInfo.) > > The other argument was that reinventing signatures in each standard leads > to > greater effort in achieving agility across the full stack of code you're > deploying. > > -- Scott > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]