W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re:draft resulting from 990930 call

From: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
Date: Tue, 05 Oct 1999 10:59:08 +0200
Message-ID: <37F9BDDC.13EB6816@darmstadt.gmd.de>
To: XML-DSig mailing list <w3c-ietf-xmldsig@w3.org>

> 8.2 Signature Validation 
 
>  2.calculate digest over all transformed signed 
>    object(s) based on the algorithm in Object reference(s).
>    If the object is contained within the Object 
>    element, only the object itself is hashed (i.e. the <Object>               
>    and </Object > tags are excluded). 
>  3.compare value against digest value in SignedInfo
>    (if mismatch, validation fails). 

Is it consensus now that checking the digest is core signature
behaviour?
If yes, why? There seemed to be reasons for allowing dsig applications
to
check signatures without checking integrity of the Objects - e.g. a
scenario
where a trusted third party can wittness the validity of signatures
without 
knowing the signed content.

AUS
--------------------------------------------------------------------
Dr. Andreas U. Schmidt, Dept. SIT | mailto:aschmidt@darmstadt.gmd.de
GMD German National Research      | phone :+49-6151-869-712       
Center for Information Technology | fax   :+49-6151-869-704
--------------------------------------------------------------------
Received on Tuesday, 5 October 1999 04:59:16 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT