W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re:draft resulting from 990930 call

From: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
Date: Tue, 05 Oct 1999 10:59:08 +0200
Message-ID: <37F9BDDC.13EB6816@darmstadt.gmd.de>
To: XML-DSig mailing list <w3c-ietf-xmldsig@w3.org>

> 8.2 Signature Validation 
>  2.calculate digest over all transformed signed 
>    object(s) based on the algorithm in Object reference(s).
>    If the object is contained within the Object 
>    element, only the object itself is hashed (i.e. the <Object>               
>    and </Object > tags are excluded). 
>  3.compare value against digest value in SignedInfo
>    (if mismatch, validation fails). 

Is it consensus now that checking the digest is core signature
If yes, why? There seemed to be reasons for allowing dsig applications
check signatures without checking integrity of the Objects - e.g. a
where a trusted third party can wittness the validity of signatures
knowing the signed content.

Dr. Andreas U. Schmidt, Dept. SIT | mailto:aschmidt@darmstadt.gmd.de
GMD German National Research      | phone :+49-6151-869-712       
Center for Information Technology | fax   :+49-6151-869-704
Received on Tuesday, 5 October 1999 04:59:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC