- From: John Boyer <jboyer@uwi.com>
- Date: Wed, 17 Nov 1999 15:29:48 -0800
- To: "Jim Schaad (Exchange)" <jimsch@Exchange.Microsoft.com>, "'Solo, David'" <david.solo@citicorp.com>, <marcnarc@xcert.com>, <w3c-ietf-xmldsig@w3.org>
- Message-ID: <NDBBLAOMJKOFPMBCHJOICEDOCCAA.jboyer@uwi.com>
RE: Omitting Location and Transforms from SignedInfoAgree 100%. John Boyer Software Development Manager UWI.Com -- The Internet Forms Company -----Original Message----- From: w3c-ietf-xmldsig-request@w3.org [mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Jim Schaad (Exchange) Sent: Wednesday, November 17, 1999 3:10 PM To: 'Solo, David'; marcnarc@xcert.com; w3c-ietf-xmldsig@w3.org Subject: RE: Omitting Location and Transforms from SignedInfo I don't like this because I can't possibly know how to implement it. How does a program know if something is of the correct form? How do I know what transformations have or have not been applied to the object since the last time I dereferenced it. (For example that document on the web site was base64 encoded and now is not.) jim > -----Original Message----- > From: Solo, David [mailto:david.solo@citicorp.com] > Sent: Wednesday, November 17, 1999 2:16 PM > To: marcnarc@xcert.com; w3c-ietf-xmldsig@w3.org > Subject: RE: Omitting Location and Transforms from SignedInfo > > > I think this is sort of what I had in mind when I suggested > the definition of > (at least some of) the transforms should be "make it x" vs. > "do x". Thus the > statement is I signed a canonicalized, decoded instance of > this object. If > you've got one, digest it, if not, you need to perform the > corresponding > transforms. This would be in contrast to the interpretation > of "you must > obtain a version and apply each specified transform". > > Dave > > > -----Original Message----- > > From: marcnarc [mailto:marcnarc@xcert.com] > > Sent: Wednesday, November 17, 1999 5:47 PM > > To: w3c-ietf-xmldsig > > Cc: marcnarc > > Subject: Re: Omitting Location and Transforms from SignedInfo > > > > > > > > I find your arguments persuasive, so I'm reversing my > > position on signed > > transforms. > > > > In your reply to Mack Hicks, you state that "the signature > > should be applied > > to a format of the document as close as possible to the presentation > > format." I like this idea, and I'm starting to think that > > maybe transforms > > have been trying to do things backwards (or maybe it's just > > my reading of > > them that is backwards). > > > > Instead of saying "do A, B and C to this document before > verifying the > > signature" perhaps transforms should just indicate the "base > > format" that the > > document was in when it was signed. > > > > Admittedly, I'm not exactly sure how this could be done (MIME types, > > maybe?). But it seems to me that the problem with transforms > > is that the > > signer has to make assumptions about how the verifier will > > obtain the signed > > content. Things might be easier if the signer could just > > state what format > > the content was in when it was signed. > > > > Marc > > > > >
Received on Wednesday, 17 November 1999 18:30:49 UTC