TLR, FH, XMLSecWG,
On 12/21/11 6:03 AM, ext Marcos Caceres wrote:
Lets go back an look at the options we have to divorce Widgets/XML Dig Sig
from Elliptic Curve:
1. Remove ECC from XML Dig Sig (in my opinion, "the right thing to do"™):
pros:
- frees both XML Dig Sig and Widgets Dig Sig to progress to REC at full
speed.
- begins a pattern of divorcing signature algorithms from processing (a
good thing, which avoids this kind of mess!)
cons:
- new small spec needed
- XML Dig Sig missing an important algorithm.
Based on a quick scan of the XMLSec WG's mail archive [2], it appears
that WG has known about potential IP issues related to Certicom/RIM and
ECC for almost 3 years. As such, surely the WG has already discussed
refactoring the XMLSig spec in a way like Marcos and I proposed.
Would you please explain why the WG objects to such refactoring (or
provide a link(s) to the related discussion)?
As an FYI for the XMLSec WG members, note that another widget spec was
blocked for two years because of a PAG [1] so it's quite understandable
that having widgets-digsig blocked by YA PAG creates concerns for some
WG members, especially given the ECC PAG Chair's "pessimistic" view [3]
of a "quick" PAG resolution.
-Thanks, AB
[1] http://www.w3.org/2009/11/widgets-pag/pagreport.html
[2]
http://www.w3.org/Search/Mail/Public/search?keywords=&hdr-1-name=subject&hdr-1-query=certicom&index-grp=Public_FULL&index-type=t&type-index=public-xmlsec
[3] http://lists.w3.org/Archives/Public/public-webapps/2011OctDec/1540.html
