W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: XML-Signature Working Draft

From: Richard D. Brown <rdbrown@Globeset.com>
Date: Thu, 2 Dec 1999 19:07:08 -0600
To: "'Donald E. Eastlake 3rd'" <dee3@torque.pothole.com>, "'Pete Chown'" <Pete.Chown@skygate.co.uk>
Cc: <w3c-ietf-xmldsig@w3.org>
Message-ID: <006501bf3d2a$b9b3eac0$0bc0010a@artemis.globeset.com>
> >4.  I am not sure why the digest values are included in the XML.
> >
> >When verifying the signature you have to recalculate the digest
> >values anyway, so is there any point in including them in the
> >document?
>
> This is an interesting point no one has brought up before.  Two
> reasons come to mind immediately:
>
> (1) So you can distinguish between the signature getting corrupted and
> the data getting corrupted or not being properly located or decoded.
>
> (2) In the case of Manifest's, with the current syntax, so you can
> validate the hash over the Manifest without having to fetch all the
> data.  This is required in many scenarios.
>

This feature is intended for supporting verification of composite documents.
Many protocols, such as IOTP, exchange only parts of a signed document. In
other words, the signature authenticates a sequence of assertions, each
being verifiable independently.

Richard D. Brown
Received on Thursday, 2 December 1999 20:04:44 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT