[standards-jig] new security JEP

Thomas Muldowney temas at box5.net
Thu May 9 02:25:11 UTC 2002


My thoughts are very much along the same vein as Mike's.  I've been
investing XMLENC, XMLDIGSIG and XKMS for a long long time, and they are
rather nice for w3 standards ;-).  Some words against thost would be
extremely beneficial.

--temas


On Wed, 2002-05-08 at 18:58, Mike Lin wrote:
> Here are some comments I have - 
> 
> XMLDSIG, XMLENC, and XKMS are becoming pretty coherent standards, and I
> wonder why we should follow a Standards Track process for a homegrown
> protocol rather than adopt these. I don't mean to be shooting this down,
> but I would appreciate additional commentary by the author on how this
> protocol can achieve "closer alignment" with these imminent standards. 
> 
> 3.3.4 Specifies that cryptographic operations over character strings
> must be carried out over the UTF-16 encoding of the string. I am curious
> why UTF-16 and not UTF-8. We generally handle strings as UTF-8
> currently. UTF-8 frees us from some byte ordering concerns and are more
> efficient to store. Cryptographically, a UTF-8 string tends to have more
> entropy than an equivalent UTF-16 string. Finally, it would just make my
> life easier to use UTF-8. 
> 
> These points aside, the protocol thusfar is well thought out and
> elegantly designed, accompanied with lucid commentary and clear
> explanation. My complements to the author. 
> 
> -Mike 
> 
> 
> 
> On Wed, 2002-05-08 at 19:35, Peter Saint-Andre wrote: 
> > I've just published a JEP I received yesterday regarding Jabber security.
> > You can review it here:
> > 
> > http://www.jabber.org/jeps/jep-0031.html
> > 
> > Peter
> > 
> > --
> > Peter Saint-Andre
> > email+jabber: stpeter at jabber.org
> > weblog: http://www.saint-andre.com/blog/
> > 
> > _______________________________________________
> > Standards-JIG mailing list
> > Standards-JIG at jabber.org
> > http://mailman.jabber.org/listinfo/standards-jig
> > 
> 
> 
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig





More information about the Standards mailing list