W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Validity of signing n out of m items

From: Prince, Adam <adam.prince@scala.se>
Date: Wed, 24 Nov 1999 16:15:16 +0100
Message-ID: <01AE61A08304D211AD3900A0C995C2050363F2D5@serndexch.scala.se>
To: w3c-ietf-xmldsig@w3.org
Possibly I am misunderstanding the intent, but in section 2.4 of the XML-sig
working draft it is suggested that some valid cases may exist where a single
signature is created over multiple documents and an application may be
defined so that it is possible (and acceptable) to validate the signature
for n out of m items.  Leaving aside why an application might do this . .
 
I can only see two ways for a single signature to cover multiple items
(blobs of data), either single DigestValue is created that uses a defined
transformation to amalgamate the different blobs or multiple DigestValues
are created.  In the first case, it is not possible to arrive at the same
value if any of the underlying blobs are altered, hence n out of of m is
mathematically not possible.  In the latter case a single signature is still
based on amalgamating the DigestValues into a single item that is then
signed (at least that is my understanding).  Again, if any of the digest
values have changed (i.e. any of the underlying blobs have changed) then the
signature cannot be verified and hence it is still not possible to validate
n out of m!
 
<Question>  Have I misunderstood the meaning of section 2.4, if so, can it
be amended (either by elaboration or example) to clarify what is meant?
</Question>
 
Regards
 
Adam

----------------------------------------------------------

The options expressed in this communication are those of the sender.  They
may or may not reflect the opinions of Scala Business Solutions N.V.

Contact Details: 
*(Office)       +46 8 601 1300 
* (mobile)        +46 709 608 666 
*(fax)            +46 8 718 4751 
"(web)            <http://www.scala.se/> http://www.scala.se 
* (e-mail)      <mailto:adam.prince@scala.se> adam.prince@scala.se 
* (snail-mail)  PO Box 104, SE-131 07 Nacka, Sweden 



 



ScalaLogo.gif
(image/gif attachment: ScalaLogo.gif)

Received on Wednesday, 24 November 1999 09:59:30 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT