W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

RE: Manually Signed Digest as an XML signature type

From: Barb Fox <bfox@Exchange.Microsoft.com>
Date: Mon, 5 Jun 2000 15:39:55 -0700
Message-ID: <96BABA22ECEAEA45B53D08D63E1B567826F160@DF-SPIKE.platinum.corp.microsoft.com>
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: <tgindin@us.ibm.com>, <w3c-ietf-xmldsig@w3.org>
I disagree.  We've defined KeyInfo (in just about every conceivable
form!) to mean "hints" to a verifier about where to find evidence that
he is using the correct key.  There is NO ambiguity here: the result of
interpreting KeyInfo can only be the use of a particular key by the
verifier in a cryptographic operation.  
SignatureProperties, on the other hand, are miscellaneous input to some
higher-order verification policy, sent along with a signature by its
-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Monday, June 05, 2000 3:22 PM
To: Barb Fox
Cc: tgindin@us.ibm.com; w3c-ietf-xmldsig@w3.org
Subject: RE: Manually Signed Digest as an XML signature type

At 02:39 PM 6/5/00 -0700, Barb Fox wrote: 

Joseph and Tom: 

Sorry, but I strongly believe that this manually signed digest signature
type is a huge mistake for this working group to even consider. The
focus of the working group and its charter from inception has been
digital signature in the cryptographic context. Adding this
"interpretation" of signature opens to door to all kinds of random
definitions and it seriously dilutes the work we've done so far. 

--Barbara Fox 



Rest assured, this work is out of scope. <smile> However, I'm trying to
use the question to push us to more cleanly define the meaning of
KeyInfo and SignatureProperties, which are rather fuzzy. 

Joseph Reagle Jr. 
W3C Policy Analyst mailto:reagle@w3.org 
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/ 
Received on Monday, 5 June 2000 19:13:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC