W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

RE: Enveloped signatures and XPath

From: Petteri Stenius <Petteri.Stenius@remtec.fi>
Date: Thu, 23 Mar 2000 21:53:46 +0200
Message-ID: <CD0FF8F92CA8D311B9AB00105A14D55724C3@server.remtec.fi>
To: "IETF/W3C XML-DSig WG (E-mail)" <w3c-ietf-xmldsig@w3.org>
Cc: "'Martin J. Duerst'" <duerst@w3.org>

Yes, excluding the Signature or SignatureValue element (without using XPath)
is the main concern with enveloped signatures.

I believe it could benefit many if more transforms were added to the spec, a
generic "exclusion by IDREF" algorithm would be enough to solve enveloped
signatures.


Petteri


> -----Original Message-----
> From: Martin J. Duerst [mailto:duerst@w3.org]
> Sent: Thursday, March 23, 2000 5:11 AM
> To: Petteri Stenius; IETF/W3C XML-DSig WG (E-mail)
> Subject: Re: Enveloped signatures and XPath
> 
> 
> At 00/03/22 19:39 +0200, Petteri Stenius wrote:
> 
> 
> >The interop requirements doc reads:
> >
> >"Feature: Enveloped Signature MUST
> >         requires: XPath selector that drops SignatureValue"
> >
> >
> >I remember there was some talk about this at the FTF meeting 
> in San Jose. It
> >was discussed that it could be possible to detect this 
> particular XPath
> >expression without implementing the entire XPath support.
> >
> >Has anyone worked out a (standard?) XPath expression for 
> excluding the
> >Signature or SignatureValue element?
> 
> If that's the main concern, it may even be possible to define
> a transform that cuts out the SignatureValue element without
> using XPath at all.
> 
> 
> Regards,   Martin.
> 
Received on Thursday, 23 March 2000 14:53:51 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT