W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

Enveloped signatures

From: Petteri Stenius <Petteri.Stenius@remtec.fi>
Date: Wed, 10 May 2000 11:35:26 +0300
Message-ID: <CD0FF8F92CA8D311B9AB00105A14D5570B10AF@server.remtec.fi>
To: "IETF/W3C XML-DSig WG (E-mail)" <w3c-ietf-xmldsig@w3.org>

I have a few comments on the discussion in [1] at the Victoria FTF.

I believe enveloped (aka. embedded) signatures will be a very common
scenario of applying XML signatures, and for this reason it should be simple
to support them in implementations. 

XPath transformation is very powerful, but implementing it is awkward and it
may be left out of implementations because it is not mandatory and for
security or other reasons. 

The result of the current XPath transform definition is something that (in
my opionion) cannot easilly be produced without actually fully implementing

A suggestion:

6.6.5 Signature Exclusion


The transform excludes the ancestor Signature element of the DigestValue
element that is being calculated. The intention is to support enveloped
signatures where the DigestValue calculation would overlap with itself.


More references to discussion on this topic:


Petteri Stenius                            Petteri.Stenius@remtec.fi
Remtec Systems, Ltd.                           Office +358-9-5259240
                                                 Fax +358-9-52592411
http://www.remtec.fi/                         Mobile +358-50-5506161
Received on Wednesday, 10 May 2000 04:35:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC