W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 1999

RE: Some possible rqmt/design points

From: Phillip M Hallam-Baker <pbaker@verisign.com>
Date: Wed, 16 Jun 1999 10:18:26 -0400
To: "Barb Fox (Exchange)" <bfox@Exchange.Microsoft.com>, <david.solo@citicorp.com>, "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-ID: <001401beb803$199ec200$6e07a8c0@pbaker-pc.verisign.com>

> is no compelling need for attributes (authenticated or not) when 
> you already
> have the expressive power of XML. If a signer wants to make qualified
> statements about a particular XML blob, then the signer should make those
> statements in XML (perhaps including a strong reference/hash of 
> the original
> blob) and sign *that*.  In any event, you're always signing a 
> particular XML
> object.

And what when a single document must be signed more than once?

Most E-Commerce protocols will involve signatories and 
counter-signatories up the wazoo. 

Also from the implementation standpoint, attibutes directly
attached to signatures are easier to deal with. The signing
hardware (if used) is unlikely to see (or want to see) the 
entire document. Even so a signing token may well want to 
insert disclaimers such as 'not valid for more than $10,000'.

Received on Wednesday, 16 June 1999 10:17:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:31 UTC