W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: RE: Locations but not Transforms as hints

From: Greg Whitehead <gwhitehead@signio.com>
Date: Wed, 24 Nov 1999 11:23:45 -0800
Message-ID: <6B962A1EE646D31193270008C7A4BAB5381EE9@mail.paymentnet.com>
To: "'Chris Smithies'" <Chris_Smithies@penop.com>, rhimes@nmcourt.fed.us
Cc: w3c-ietf-xmldsig@w3.org
> Yes: it seems simple to me. Have a Location which the core
> can use to fetch the document for verification; but don't
> include the Location in SignedInfo, otherwise moving the
> document breaks the signature (at least, as far as the core
> is concerned).

We can provide an option for Location to appear outside of
SignedInfo, but it must also be possible to include it. Just
as there are applications that require document mobility,
there are others that require location (which should really
be thought of as identity -- the hint argument) to be locked
down.

-Greg


-----Original Message-----
From: Chris Smithies [mailto:Chris_Smithies@penop.com]
Sent: Wednesday, November 24, 1999 10:47 AM
To: rhimes@nmcourt.fed.us
Cc: w3c-ietf-xmldsig@w3.org
Subject: Re:RE: Locations but not Transforms as hints




Yes: it seems simple to me. Have a Location which the core can use to fetch
the document for verification; but don't include the Location in
SignedInfo, otherwise moving the document breaks the signature (at least,
as far as the core is concerned). Then, if the document changes location,
simply change the Location field accordingly. Isn't it as simple as that?

Why, when no other kind of electronic signature is invalidated by changing
the document's location, should XML signatures be any different? I can't
see why. Perhaps some kind and patient person could explain to me what I am
missing here.
Received on Wednesday, 24 November 1999 14:23:50 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT