W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: The XML-DSig Non-standard, or Location/Transforms as 'hints'

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 19 Nov 1999 08:25:56 -0500
Message-Id: <>
To: david.solo@citicorp.com
Cc: jboyer@uwi.com, w3c-ietf-xmldsig@w3.org
At 08:46 99/11/19 -0500, david.solo@citicorp.com wrote:
 >The only assertion made by the signature is that that exact collection of 
 >bytes, paragraph X, was signed.  The fact that paragraph X was extracted
 >document Y is in no way cryptographically assured by the XML signature
unless I 
 >include object references both to paragraph X and to document Y (and
 >additional external validation).

I believe there are two other "orthogonal" assertions:

1. There is a set of documents that when processed via the specified chain
of transforms will yield DigestContent. 
2. At some point in time, the document obtained by dereferencing the URI was
a member of that set.

One does not need to "confirm" either of these assetions to have a valid

Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Friday, 19 November 1999 09:26:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC