RE: Re[2]: Omitting Location and Transforms from SignedInfo

I believe that numerous examples were given.

One is to sign both XML markup representing data plus a well-known
stylesheet located at some web address.  The signer wants to sign what the
signer is looking at, and we want to sign markup.  The compromise is that we
sign enough markup to be able to reliably regenerate what the signer was
looking at (or listening to, etc.).

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company


-----Original Message-----
From: Peter Lipp [mailto:Peter.Lipp@iaik.at]
Sent: Wednesday, November 17, 1999 12:59 PM
To: rhimes@nmcourt.fed.us; w3c-ietf-xmldsig@w3.org; jboyer@uwi.com;
gwhitehead@signio.com; w3c-ietf-xmldsig@w3.org
Subject: AW: Re[2]: Omitting Location and Transforms from SignedInfo


> It really concerns me that there is so little concern about
> locating objects.
I strongly believe don't think finding an object has anything todo with
digital signatures. I am still waiting for somebody giving a real life
example where you have the signature, and the signature only, and go off
searching for the corresponding data. The other way, having the data and
looking for a signature, might be more appropriate, but in that case any
unique id is fine (so I really liked Josephs suggestion to use the hash).


> Is a floating location any better?
One still can use any form of location as a hint or so in any place you
want. But it is not required for solving the signature "problem".

Peter
Thank you for your interest into our products!

Peter Lipp
______________________________________
Dr. Peter Lipp
IAIK, TU Graz
Inffeldgasse 16a, A-8010 Graz, Austria
Tel: +43 316 873 5513
Fax: +43 316 873 5520
Web: www.iaik.at

Received on Wednesday, 17 November 1999 17:35:00 UTC