W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

AW: Simplified Syntax (The Crux of the Matter!)

From: Peter Lipp <Peter.Lipp@iaik.at>
Date: Thu, 2 Dec 1999 00:29:27 +0100
To: "John Boyer" <jboyer@uwi.com>, "Tim Berners-Lee" <timbl@w3.org>, "DSig Group" <w3c-ietf-xmldsig@w3.org>
> Incorrect.  What is covered by the digest is ABDE, but within ABDE is a
> *signed* assertion that the only allowable difference between the document
> and ABDE is the addition of C between B and D.  Can you please
> state why you think this is insecure?  I don't think you can.
I think this overcomplicates things and nobody, or not many, will understand
that concept. This is as if we sign ABCDE and tell the user to ignore C.
Doesn't make sense. Either we want to sign ABDE, then we should sign ABDE,
and if we wnat to put C into the picture, why tell them that we don't want
to sign it, but still do in some obscure way, indirectly maybe.


Received on Wednesday, 1 December 1999 18:29:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:32 UTC