W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: Easy to have multiple signatures?

From: Jim Schaad (Exchange) <jimsch@EXCHANGE.MICROSOFT.com>
Date: Thu, 28 Oct 1999 17:49:21 -0700
Message-ID: <EAB5B8B61A04684198FF1D0C1B3ACD194A70EB@DINO>
To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>, David Solo <david.solo@citicorp.com>
Cc: IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>
You are precisely correct -- the second person must duplicate the signedinfo
block and create their own signature.  If the second person wanted to also
sign in the first signature (a very common case) they would add a new
ObjectReference to their own signature block.

jim


> -----Original Message-----
> From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
> Sent: Thursday, October 28, 1999 5:19 PM
> To: David Solo
> Cc: IETF/W3C XML-DSig WG
> Subject: Easy to have multiple signatures?
> 
> 
> I was trying to represent the present spec [1] as clearly as 
> possible in
> terms of modelling [2] what we area trying to specify and hit 
> a question
> based on the following:
> 
> <Signature> 
>   (SignedInfo) 
>   (SignatureValue) 
>   (KeyInfo)? 
>   (Object)* 
> </Signature> 
> 
> Given you can only have one SignatureValue in a Signature, 
> than all elements
> within KeyInfo (perhaps a KeyName and a KeyValue) are related 
> by identity,
> or they are all supposed to be about the same key basically.
> 
> If you want more than one signature (I and Don signed it), you have to
> construct a whole new signature block, right? Or is it 
> possible to hang more
> than one (KeyInfo, SigValue) pair off the same SignedInfo via 
> a reference to
> it?
> 
> 
> [1] http://www.w3.org/TR/1999/WD-xmldsig-core-19991022.html
> [2] http://www.w3.org/Signature/Drafts/xmldsig-datamodel-19991025.gif
> 
> _________________________________________________________
> Joseph Reagle Jr.   
> Policy Analyst           mailto:reagle@w3.org
> XML-Signature Co-Chair   http://w3.org/People/Reagle/
> 
Received on Thursday, 28 October 1999 20:49:23 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT