- From: John Boyer <jboyer@uwi.com>
- Date: Wed, 28 Jul 1999 09:49:04 -0700
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: "DSig Group" <w3c-ietf-xmldsig@w3.org>
I should start by backtracking on one piece of requirements feedback. Regarding Section 2, para 2.3A, I wrote that it seemed vacuously true. That's a terrible term to use, and the more I think about it, the more I'm probably wrong about it anyway (sorry Joseph). This part of the req. doc. states that "Only enough information necessary to check the validity of the cryptographic signature need be provided". This is precisely the type of statement that can keep us focused on not doing extra things like putting multiple signatures in the same signature block. If we want to associate multiple signatures together, then we can use signed RDF to describe both the association and the reason for the association between multiple signatures. Trying to jam many of them into one block is implicitly adding information that is not necessary to check the validity of the cryptographic signature... John Boyer Software Development Manager UWI.Com -- The Internet Forms Company
Received on Wednesday, 28 July 1999 12:48:52 UTC