W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: Omitting Location and Transforms from SignedInfo

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Wed, 17 Nov 1999 16:25:48 -0500
Message-Id: <3.0.5.32.19991117162548.00b52250@localhost>
To: "Jim Schaad (Exchange)" <jimsch@Exchange.Microsoft.com>
Cc: DSig Group <w3c-ietf-xmldsig@w3.org>
At 13:12 99/11/17 -0800, Jim Schaad (Exchange) wrote:
 >3.  The current wording of the document says:
 >
 >    1. locate object and apply Transforms  to the specified resource
 >       based on each ObjectReference(s) in the SignedInfo element.  Each
 >       transform is applied in order from left to right to the object
 >       with the output of each transform being the input to the next.
 >
 >This does not imply in my mind that the location is the only place that the
 >object can come from.  It merely says find the bytes for the object.

Jim,

I had read this differently (and as I said I didn't like the result of the
way I read it). But reading it as you do (which I think is probably the
right way on hindsight) I'd agree that the current syntax is sufficient. In
the next version of the specification we should be clearer that it is not
necessary that the URL be dereferenced from the network for the resource to
validate only that some content when transformed (and perhaps that content
was pulled from a cache) yields the digest value.


_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Wednesday, 17 November 1999 16:26:23 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT