W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

RE: Enveloped signatures and XPath

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Mon, 27 Mar 2000 12:46:19 +0200
To: "Joseph M. Reagle Jr." <reagle@w3.org>, "John Boyer" <jboyer@PureEdge.com>
Cc: <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBIMACDKCOPBLEJCCDKECKCEAA.gregor.karlinger@iaik.at>
> In the SignatureValue example I might be confused (these small screens at
> the IETF make it hard for me to think <smile>) but why eliminate
> DigestValue? That element type is reserved for the reference digests,
> which do not change during actual signature generation. The digest value
> of the SignedInfo does change, but that is not explicitly represented so
> it need not be eliminated.

The result of applying the list of transforms are the characters which
the digest generation should be performed on. Therefore at least the
DigestValue of the Reference currently worked on is not known at this time.
So you have to omit this DigestValue element.

I agree that there is no need to omit all the Reference's DigestValue field
as the example suggests. But maybe this gets clearer as the underlying
XML instance is added to the example.

> Also, eliminating KeyInfo (and any
> objects) seems odd. This is at the signers option, but if I were signing
> the Signature, I'd want to sign that info as well.

I agree, eliminating KeyInfo in the example is confusing. There is no urgent
reason for that. The signer should be able to decide that.

Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Monday, 27 March 2000 05:47:45 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT