W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2000

RE: Manually Signed Digest as an XML signature type

From: Barb Fox <bfox@Exchange.Microsoft.com>
Date: Mon, 5 Jun 2000 17:13:29 -0700
Message-ID: <96BABA22ECEAEA45B53D08D63E1B567826F162@DF-SPIKE.platinum.corp.microsoft.com>
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: <tgindin@us.ibm.com>, <w3c-ietf-xmldsig@w3.org>
Joseph:

Your definition of KeyInfo is information related to the generation of
the signature. 
Mine is that KeyInfo is information required by the verifier of a
signature.  There are several forms, like KeyName, that illustrate that
it's not intended to be used in the generation of a signature. 

Also, in your choice between: 

"A. Non cryptographic electronic signatures should place their
"validating"
information in SignatureProperties, or
B. Non cryptographic electronic signatures can not use XML Signature
syntax
what-so-ever. (Specifying this would be difficult as we would then have
to
enumerate all the algorithms that may be used, or all those that may
not,
and it's difficult to enforce.)"

I believe we should clearly state that compliance with this standard
requires that a cryptographic signature MUST be generated (or verified.)
If the producer of a cryptographically signed XML document wishes to add
an electronic signature, it should be included as a SignatureProperty.  

--Barb
Received on Monday, 5 June 2000 20:29:43 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT