
Re: Easy to have multiple signatures?

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Thu, 28 Oct 1999 21:38:49 -0400
Message-Id: <199910290138.VAA10990@torque.pothole.com>
To: David Burdett <david.burdett@commerceone.com>
cc: IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>

You have to duplicate the <Signature> element but you can make it
smaller by having only one ObjectReference in SignedInfo and having it
point to an Object with a Manifest in that which in turn points to all
the things you actually want to secure.  This Object would not be
duplicated. It would probably be outside all the <Signature>s although
I guess it could be inside one of them if you wanted.

Donald

From:  David Burdett <david.burdett@commerceone.com>
Message-ID:  <123B7EB05559D311B0D900A0C9EA3D7604F47D@NEPTUNE>
To:  "'Jim Schaad (Exchange)'" <jimsch@EXCHANGE.MICROSOFT.com>, "'Joseph M. Reagle Jr.'" <reagle@w3.org>, David Solo <david.solo@citicorp.com>
Cc:  IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>
Date:  Thu, 28 Oct 1999 17:48:05 -0700
>A question ...
> 
>What would be the best way to handle the situation where someone wanted to
>sign **exactly the same** data, but using different certificates and/or
>signature algorithms? It seems to me that the "Objects" and the
>"ObjectReferences" would be identical and in the current specification would
>have to be duplicated.
> 
>Thoughts
> 
>David Burdett
>
>-----Original Message-----
>From: Jim Schaad (Exchange) [mailto:jimsch@EXCHANGE.MICROSOFT.com]
>Sent: Thursday, October 28, 1999 5:49 PM
>To: 'Joseph M. Reagle Jr.'; David Solo
>Cc: IETF/W3C XML-DSig WG
>Subject: RE: Easy to have multiple signatures?
>
>
>
>You are precisely correct -- the second person must duplicate the signedinfo
>block and create their own signature.  If the second person wanted to also
>sign in the first signature (a very common case) they would add a new
>ObjectReference to their own signature block.
>
>jim 
>
>
>> -----Original Message----- 
>> From: Joseph M. Reagle Jr. [ mailto:reagle@w3.org <mailto:reagle@w3.org> ]
>
>> Sent: Thursday, October 28, 1999 5:19 PM 
>> To: David Solo 
>> Cc: IETF/W3C XML-DSig WG 
>> Subject: Easy to have multiple signatures? 
>> 
>> 
>> I was trying to represent the present spec [1] as clearly as possible in
>> terms of modelling [2] what we are trying to specify and hit a question
>> based on the following:
>> 
>> <Signature> 
>>   (SignedInfo) 
>>   (SignatureValue) 
>>   (KeyInfo)? 
>>   (Object)* 
>> </Signature> 
>> 
>> Given you can only have one SignatureValue in a Signature, then all elements
>> within KeyInfo (perhaps a KeyName and a KeyValue) are related by identity,
>> or they are all supposed to be about the same key basically.
>> 
>> If you want more than one signature (I and Don signed it), you have to
>> construct a whole new signature block, right? Or is it possible to hang more
>> than one (KeyInfo, SigValue) pair off the same SignedInfo via a reference to
>> it?
>> 
>> 
>> [1] http://www.w3.org/TR/1999/WD-xmldsig-core-19991022.html
>> [2] http://www.w3.org/Signature/Drafts/xmldsig-datamodel-19991025.gif
>> 
>> _________________________________________________________
>> Joseph Reagle Jr.
>> Policy Analyst           mailto:reagle@w3.org
>> XML-Signature Co-Chair   http://w3.org/People/Reagle/
>>
>
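The layout Donald describes, worked through as an added example (not code from the thread or from the 1999 draft): two <Signature> elements, each whose SignedInfo carries a single ObjectReference to one shared <Object> holding a <Manifest>, and the Manifest in turn lists the data both parties actually want to secure. Element names follow the draft's structure; the digest and signature methods are stand-ins chosen so the script needs only the standard library: SHA-256 digests, and per-signer HMAC keys in place of the different certificates and algorithms David asks about. Serialization is plain ElementTree bytes rather than XML canonicalization, which a real implementation must apply before digesting. The envelope layout, the sample data items and the key names are all constructed for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

MANIFEST_ID = "shared-manifest"  # assumed Id for the one shared Object

# Constructed sample data (URI -> bytes) that every signer wants to secure.
DATA_ITEMS = {
    "order.xml": b"<Order id='42'><Amount>100.00</Amount></Order>",
    "terms.txt": b"Payment due within 30 days.",
}
# Constructed per-signer keys; stand-ins for distinct certificates/algorithms.
SIGNERS = {"alice": b"alice-secret-key", "bob": b"bob-secret-key"}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def serialize(elem: ET.Element) -> bytes:
    # Simplification: no C14N, so the bytes must not be reformatted in transit.
    return ET.tostring(elem)


def build_manifest_object(items: dict) -> ET.Element:
    """One Object holding a Manifest that references every data item."""
    obj = ET.Element("Object", Id=MANIFEST_ID)
    manifest = ET.SubElement(obj, "Manifest")
    for uri, data in items.items():
        ref = ET.SubElement(manifest, "ObjectReference", URI=uri)
        ET.SubElement(ref, "DigestMethod", Algorithm="sha256")
        ET.SubElement(ref, "DigestValue").text = digest(data)
    return obj


def build_signature(manifest_obj: ET.Element, key_name: str, key: bytes) -> ET.Element:
    """A Signature whose SignedInfo holds only one reference: the shared Manifest."""
    sig = ET.Element("Signature")
    signed_info = ET.SubElement(sig, "SignedInfo")
    ET.SubElement(signed_info, "SignatureMethod", Algorithm="hmac-sha256")
    ref = ET.SubElement(signed_info, "ObjectReference", URI="#" + MANIFEST_ID)
    ET.SubElement(ref, "DigestMethod", Algorithm="sha256")
    ET.SubElement(ref, "DigestValue").text = digest(serialize(manifest_obj))
    mac = hmac.new(key, serialize(signed_info), "sha256").hexdigest()
    ET.SubElement(sig, "SignatureValue").text = mac
    ET.SubElement(ET.SubElement(sig, "KeyInfo"), "KeyName").text = key_name
    return sig


def build_document(items: dict, signers: dict) -> ET.Element:
    root = ET.Element("Envelope")
    manifest_obj = build_manifest_object(items)
    for name, key in signers.items():
        root.append(build_signature(manifest_obj, name, key))
    root.append(manifest_obj)  # the shared Object sits outside all Signatures
    return root


def verify(root: ET.Element, items: dict, keys: dict) -> dict:
    """Return {key_name: True/False} for every Signature in the document."""
    obj = root.find(f"./Object[@Id='{MANIFEST_ID}']")
    obj_digest = digest(serialize(obj))
    # Every item the Manifest lists must still match its recorded digest.
    manifest_ok = all(
        ref.get("URI") in items
        and ref.findtext("DigestValue") == digest(items[ref.get("URI")])
        for ref in obj.iterfind("Manifest/ObjectReference")
    )
    results = {}
    for sig in root.findall("Signature"):
        name = sig.findtext("KeyInfo/KeyName")
        signed_info = sig.find("SignedInfo")
        ref = signed_info.find("ObjectReference")
        ref_ok = (ref.get("URI") == "#" + MANIFEST_ID
                  and ref.findtext("DigestValue") == obj_digest)
        expected = hmac.new(keys[name], serialize(signed_info), "sha256").hexdigest()
        sig_ok = hmac.compare_digest(expected, sig.findtext("SignatureValue") or "")
        results[name] = manifest_ok and ref_ok and sig_ok
    return results


def demo() -> dict:
    """Round-trip the document through bytes, verify, then tamper two ways."""
    doc = ET.fromstring(ET.tostring(build_document(DATA_ITEMS, SIGNERS)))
    outcome = {
        "signatures": len(doc.findall("Signature")),
        "objects": len(doc.findall("Object")),
        "valid": verify(doc, DATA_ITEMS, SIGNERS),
    }
    # Change one secured item: the Manifest digest no longer matches.
    tampered = {**DATA_ITEMS, "order.xml": b"<Order id='42'><Amount>1.00</Amount></Order>"}
    outcome["tampered_data"] = verify(doc, tampered, SIGNERS)
    # Edit the shared Manifest itself: both signatures' references break.
    doc.find("Object/Manifest/ObjectReference/DigestValue").text = "0" * 64
    outcome["tampered_manifest"] = verify(doc, DATA_ITEMS, SIGNERS)
    return outcome


if __name__ == "__main__":
    print(demo())
```

Only the <Signature> elements are duplicated; the Object with the Manifest appears once, and because each SignedInfo digests that Object, a change to any listed item or to the Manifest invalidates every signer's signature at once. Jim's countersigning case would be one more ObjectReference in the second signer's SignedInfo, pointing at the first <Signature> element.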
Received on Thursday, 28 October 1999 21:39:05 GMT
