Re: Two questions about Location from Donald E. Eastlake 3rd on 1999-10-13 (w3c-ietf-xmldsig@w3.org from October to December 1999)

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 13 Oct 1999 08:29:39 -0400
To: "John Boyer" <jboyer@csr.csc.UVic.CA>
cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-Id: <199910131229.IAA15751@torque.pothole.com>

John,

From:  "John Boyer" <jboyer@uwi.com>
Resent-Date:  Wed, 13 Oct 1999 00:49:35 -0400 (EDT)
Resent-Message-Id:  <199910130449.AAA21871@www19.w3.org>
To:  "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Date:  Tue, 12 Oct 1999 21:49:58 -0700
Message-ID:  <NDBBLAOMJKOFPMBCHJOIAEJICBAA.jboyer@uwi.com>
In-reply-to:  <3.0.5.32.19991007093250.009fae50@localhost>

>If you respond to this, please cc jboyer@csr.uvic.ca.  Thanks.
>
>One question that came up while working on Section 4.3.1 was the comment
>(which was already there) about Location being implied by application
>context.  It would be nice to have an example of this.  In particular, I'm
>having some difficulty understanding how a signature verification algorithm
>will tell the difference between implied Location versus having no Location
>mean 'this' document.
>
>Originally, I had thought that an empty Location (or one that starts with a
># fragment if we allow fragments in Location) should mean 'this' document.

I think this is intended primarily for light weight protocol
applications.  Typically no Location would mean some part of the
current document while just a fragment means some particular element
of the current document.  In other words, no Location can be an
abbreviation for some XPath type filter that is fixed for that
application and type of message, such as signing the entire
message/document less the signature, while a fragment can only refer
to one element and is all of that element, so to speak.

>Another question about Location had to do with the desired ability to switch
>between embedded and detached signatures without breaking the signature How
>will this be done without breaking the signature given that the Location
>will change?  At first I assumed that the only way to do this was with the
>fabled Location-by-application-context, but then the question above popped
>into mind.  Note that Location is part of what gets signed by the
>signature's digest, so there aren't even transformations that can omit it.

If the Location is specified by id, you can move the stuff around
anywhere in the current document and still find it.  If the Location
is some clever application specific scheme, <foobar:great-stuff>,
maybe it can locate the data anywhere in that application's universe
via some directory system or something, whether it is in the current
document or not.

>Thanks,
>John Boyer
>Software Development Manager
>UWI.Com -- The Internet Forms Company

Thanks,
Donald
===================================================================
 Donald E. Eastlake 3rd   +1 914-276-2668   dee3@torque.pothole.com
 65 Shindegan Hill Rd, RR#1  +1 914-784-7913(w)     dee3@us.ibm.com
 Carmel, NY 10512 USA

Received on Wednesday, 13 October 1999 08:29:54 UTC