> >4. I am not sure why the digest values are included in the XML. > > > >When verifying the signature you have to recalculate the digest > >values anyway, so is there any point in including them in the > >document? > > This is an interesting point no one has brought up before. Two > reasons come to mind immediately: > > (1) So you can distinguish between the signature getting corrupted and > the data getting corrupted or not being properly located or decoded. > > (2) In the case of Manifest's, with the current syntax, so you can > validate the hash over the Manifest without having to fetch all the > data. This is required in many scenarios. > This feature is intended for supporting verification of composite documents. Many protocols, such as IOTP, exchange only parts of a signed document. In other words, the signature authenticates a sequence of assertions, each being verifiable independently. Richard D. BrownReceived on Thursday, 2 December 1999 20:04:44 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT