
Re:RE: 991118 Telecon Minutes

From: <rhimes@nmcourt.fed.us>
Date: Mon, 22 Nov 1999 15:46:53 -0700
Message-Id: <9911229433.AA943311452@nmcourt.fed.us>
To: <w3c-ietf-xmldsig@w3.org>

John,

>In general, arbitrary transforms should not be omitted from (or allowed
>outside of) SignedInfo.  Mark Bartel has a fine email that runs through an
>example of why this is so.

The way I read Mark's example, the output of the spoof transform would fail
signature validation, so I'm still not convinced that signing transforms buys
anything.  Anything goes if we aren't validating.  I view transforms (including
c14n) as being very closely related to locations.  Both are windows that allow
us to see through to the signed bits.  Those signed bits can be passed through
new windows, but that's OK as long as you can specify a way (a new "path" of
windows) to get back to them.

Thanks,
Rich
Received on Monday, 22 November 1999 17:57:56 GMT
