W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

RE: Enveloped signatures and XPath

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 27 Mar 2000 03:17:15 -0500 (EST)
To: John Boyer <jboyer@PureEdge.com>
cc: w3c-ietf-xmldsig@w3.org
Message-ID: <Pine.LNX.4.20.0003270253590.11951-100000@tux.w3.org>
[woops, didn't finish]

It would probably be useful to show the example in in the context
of the transform and Xpath element.

>SignatureValue and KeyInfo child elements and the and the DigestValu


In the SignatureValue example I might be confused (these small screens at
the IETF make it hard for me to think <smile>) but why eliminate
DigestValue? That element type is reserved for the reference digests, 
which do not change during actual signature generation. The digest value
of the SignedInfo does change, but that is not explicitly represented so
it need not be eliminated. Also, eliminating KeyInfo (and any
objects) seems odd. This is at the signers option, but if I were signing
the Signature, I'd want to sign that info as well. Also, would it be
better to set the context node to the the closest ancestor Signature
element (instead of at the document root)?  A good way to test that Xpath
expression would be to match it up to a variant of Ed's killer example
(make one of the examples enveloped) <smile>

Received on Monday, 27 March 2000 03:17:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC