W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: Omitting Location and Transforms from SignedInfo

From: Peter Lipp <Peter.Lipp@iaik.at>
Date: Tue, 16 Nov 1999 23:16:30 +0100
To: "John Boyer" <jboyer@uwi.com>, "Greg Whitehead" <gwhitehead@signio.com>, "DSig Group" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBLDEHJKOODMJCNBNCMENCCNAA.Peter.Lipp@iaik.at> 
> This is quite problematic.  Our core processing rules state that we verify
> SignedInfo, then we verify the digest values of the ObjectReferences.  HOW
> IS CORE BEHAVIOR GOING TO DO THIS IF CORE BEHAVIOR DOESN'T KNOW HOW TO
> RETRIEVE THE DATA?

I am still wondering if this is a typical case. How often do you find a
signature somewhere on the floor where you then need to get the data you
want to verify? Most of the time you will get the signature with the data
anyway. Somtimes you will have the data and look for a signature. And then,
any name is sufficient, need not be a location in the first place.

Peter
Received on Tuesday, 16 November 1999 17:16:18 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT