W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

RE: Manually Signed Digest as an XML signature type

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 05 Jun 2000 19:28:21 -0400
Message-Id: <3.0.5.32.20000605192821.00be6520@localhost>
To: "Barb Fox" <bfox@Exchange.Microsoft.com>
Cc: <tgindin@us.ibm.com>, <w3c-ietf-xmldsig@w3.org>
At 03:39 PM 6/5/00 -0700, Barb Fox wrote:
 >I disagree.  We've defined KeyInfo (in just about every conceivable form!)
to mean "hints" to a verifier about where to find evidence that he is using
the correct key.  There is NO ambiguity here: the result of interpreting
KeyInfo can only be the use of a particular key by the verifier in a
cryptographic operation.  

I understood KeyInfo to be the information related to generating the
SignatureValue. Consequently if someone defined a non-cryptographic method,
KeyInfo should carry the hints appropriate to validating SignatureValue
using that method.

Your definition is appropriate as well (particularly given it's called
KeyInfo) in that KeyInfo only holds information related to generating the
SignatureValue via a cryptographic algorithm.

I just want to be clear which it is and what the implication of your
definition:
A. Non cryptographic electronic signatures should place their "validating"
information in SiggnatureProperties, or
B. Non cryptographic electronic signatures can not use XML Signature syntax
what-so-ever. (Specifying this would be difficult as we would then have to
enumerate all the algorithms that may be used, or all those that may not,
and it's difficult to enforce.)

_________________________________________________________
Joseph Reagle Jr.   
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Monday, 5 June 2000 19:28:26 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT