W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: The XML-DSig Non-standard, or Location/Transforms as 'hints'

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 19 Nov 1999 08:25:56 -0500
Message-Id: <3.0.5.32.19991119082556.00a58d00@localhost>
To: david.solo@citicorp.com
Cc: jboyer@uwi.com, w3c-ietf-xmldsig@w3.org
At 08:46 99/11/19 -0500, david.solo@citicorp.com wrote:
 >The only assertion made by the signature is that that exact collection of 
 >bytes, paragraph X, was signed.  The fact that paragraph X was extracted
from 
 >document Y is in no way cryptographically assured by the XML signature
unless I 
 >include object references both to paragraph X and to document Y (and
perform 
 >additional external validation).

I believe there are two other "orthogonal" assertions:

1. There is a set of documents that when processed via the specified chain
of transforms will yield DigestContent. 
2. At some point in time, the document obtained by dereferencing the URI was
a member of that set.

One does not need to "confirm" either of these assetions to have a valid
signature.

_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Friday, 19 November 1999 09:26:14 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT