"Donald E. Eastlake 3rd" wrote: > > I do not understand what problem you see. Core signature > verification, in the example you give, would require that the Manifest > be fetched, digested, and this digest checked again the DigestValue in > Reference in SignedInfo. In that regard it is of no partciular > significant that it happens to be a Manifest as opposed to plain data. > However, many applications will want to further vefify the digests > inside Manifests, perhaps recursively to many levels. So I conclude the following (please tell me if I am wrong): If the Type attribute of Reference indicates a manifest, but the URI attribute does not refer to a XML-Document which root element is a manifest, that is an application problem and does not touch core behaviour, i.e. the correctness of the type attribute is not checked by core behaviour. Gregor -- --------------------------------------------------------------- Gregor Karlinger mailto://gregor.karlinger@iaik.at Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT