RE: draft resulting from 990930 call

Yes.  The current consensus is that at the top level, the ObjectReferences in 
SignedInfo, core processing includes validating the digest.  One motivation, 
among others, was that a core signature operation whose behavior does not 
include verifying that the item referenced is the item signed would be 
deficient at best.  

In building an application, you can have the ObjectReference point to a 
Manifest (or other document of your definition, such as a TTP request/response) 
which contains references to other objects.  In this case, the core behavior 
would validate the digest on the Manifest, but not the referenced objects.

Dave

> -----Original Message-----
> From: aschmidt [mailto:aschmidt@darmstadt.gmd.de]
> Sent: Tuesday, October 05, 1999 4:59 AM
> To: w3c-ietf-xmldsig
> Cc: aschmidt
> Subject: Re:draft resulting from 990930 call
> 
> 
> 
> > 8.2 Signature Validation 
>  
> >  2.calculate digest over all transformed signed 
> >    object(s) based on the algorithm in Object reference(s).
> >    If the object is contained within the Object 
> >    element, only the object itself is hashed (i.e. the 
> <Object>               
> >    and </Object > tags are excluded). 
> >  3.compare value against digest value in SignedInfo
> >    (if mismatch, validation fails). 
> 
> Is it consensus now that checking the digest is core signature
> behaviour?
> If yes, why? There seemed to be reasons for allowing dsig applications
> to
> check signatures without checking integrity of the Objects - e.g. a
> scenario
> where a trusted third party can wittness the validity of signatures
> without 
> knowing the signed content.
> 
> AUS
> --------------------------------------------------------------------
> Dr. Andreas U. Schmidt, Dept. SIT | mailto:aschmidt@darmstadt.gmd.de
> GMD German National Research      | phone :+49-6151-869-712       
> Center for Information Technology | fax   :+49-6151-869-704
> --------------------------------------------------------------------
>