W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: The XML-DSig Non-standard, or Location/Transforms as 'hints'

From: John Boyer <jboyer@uwi.com>
Date: Sat, 20 Nov 1999 10:07:25 -0800
To: "Peter Lipp" <Peter.Lipp@iaik.at>, <w3c-ietf-xmldsig@w3.org>
> 	>If Date(signed document) < MMDDYYYY, then 
> 	>	http://www.CompanyA.com/documentD ->
> http://www.CompanyB.com/documentD
> 	>else	http://www.CompanyA.com/documentD ->
> http://www.CompanyA.com/documentD
> 	If both companies had used from the beginning:
> 	http://www.companyA.com/documentD.MMDDYYYY
> 	the whole problem is nonexistent. If you use the location as a
> location, what would it buy you in your example? The signature still
> breaks and you still have no solution to solve the problem....
		In the solution I'm proposing, those who expect Location to
move would omit Location from the SignedInfo message so that it can be
changed without breaking the signature.

> 	>Can you actually write another letter telling me why *this* 
> 	>interoperability situation is just a figment of my imagination?
> 	>Because there does seem to be a relatively easy fix,
> 	> and I can't figure out why this is such a big deal 
> 	>(so it would be nice to actually discuss that too).
> 	Still, location as a hint does not hurt here and the only real fix I
> see is to properly use URL's.
		Yes, one real fix is to use URLs, which is what we're saying
should be done.

		Another real fix would be to completely abandon the idea
that core behavior should have anything to do with externally located
		See the end of
for a description of how much simpler our task would be if we totally pushed
everything to do with resource location off to the application.
		I like this because at least the application-specific logic
requirement has something to do with the needs of the application.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company


> 		Peter

Received on Saturday, 20 November 1999 13:08:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC