OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] XHTML adoption curve

[ Lists Home | Date Index | Thread Index ]
  • To: <xml-dev@lists.xml.org>
  • Subject: Re: [xml-dev] XHTML adoption curve
  • From: "Peter V. Mikhalenko" <xml-dev@sigent.ru>
  • Date: Thu, 18 Apr 2002 01:30:13 +0400
  • Fl-build: Fidolook Express 2000 UIExt. BuildID: 3BC00FAD (7/10/2001 12:17:49).
  • References: <3C552E6ED5B7DC4F8BF603C030BB70BF3E2EBE@HERMES.canada.corp.powermeasurement.com>

Yeah, convinced me...

 DR> SSL can be used to provide authenticated transfer of the document,
 DR> but it also involves encryption (expensive) and specific web server
 DR> configurations.
 DR> In contrast, a content developer could use their x.509 certificate
 DR> to sign their HTML page during editing, so there are no specific web
 DR> server integration issues -- the author of the document is
 DR> seperately identified from the owner of the web site.  

 DR> By having signed documents in a browser, users can verify the author
 DR> of the document without SSL.  Companies with information, like
 DR> etrade, might use this technology so people know the data they are
 DR> looking at is real, not faked by someone who registered etrae.com
 DR> etc. If the signing technology is available and big delivery firms
 DR> like etrade can get value out of it, browser vendors are likely to
 DR> support signature verification -- they already can deal with PKI
 DR> anyway so the leap is not huge.

 DR> X.509 certificates can be used for many PKI purposes beyond SSL -- I
 DR> use free ones from thawte for secure email,they are used for code
 DR> signing, etc.
 DR> X.509 certs will be used for XML signing, so an XHTML module would
 DR> be a good start.

 >> -----Original Message-----
 >> From: Peter V. Mikhalenko [mailto:xml-dev@sigent.ru]
 >> Sent: Monday, April 15, 2002 5:17 PM
 >> To: Doug Ransom
 >> Subject: Re: [xml-dev] XHTML adoption curve

 >> Hello, Doug!

 DR>>> I thought of a little carrot that might help improve the HTML
 DR>>> developer affinity for XHTML:  Signed XHTML.  If XHTML pages were
 DR>>> signed in a specific manner with using x.509 based PKI, browsers
 DR>>> could inform users they can trust the content of the page.

 >> So what about SSL Certificates (using X.509)? Browsers DO  inform
 >> users they can trust the content of the page. Yeah, they are working
 >> only in the transport layer, but I think it is a good idea to certify
 >> the  source, not the document.

 >> __
 >> Peter V. Mikhalenko
 >> Lead Developer
 >> Sigent Interactive Agency peter@sigent.ru

Peter V. Mikhalenko
Lead Developer
Sigent Interactive Agency


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS