W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

RE: Enveloped signatures and XPath

From: John Boyer <jboyer@PureEdge.com>
Date: Tue, 28 Mar 2000 09:18:36 -0800
To: "Peter Lipp" <Peter.Lipp@iaik.at>
Cc: "''IETF/W3C XML-DSig WG \(E-mail\) ' '" <w3c-ietf-xmldsig@w3.org>
Sorry Peter, but that's not an accurate paraphrase.  It is quite important
to be able to exclude certain elements, but that one requires a great deal
of precision in identifying what must be excluded to ensure that you are
excluding what you meant to exclude.

Exclusion by id excludes an element based on the value of a single
attribute, and this is not enough in most cases to accurately identify the
information to be excluded, and to restrict one's exclusion to only that

John Boyer
Software Development Manager
PureEdge Solutions, Inc. (formerly UWI.Com)
Creating Binding E-Commerce

-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Peter Lipp
Sent: Tuesday, March 28, 2000 2:06 AM
To: John Boyer
Cc: ''IETF/W3C XML-DSig WG (E-mail) ' '
Subject: AW: Enveloped signatures and XPath

Plonk - plonk - plonk

(....peter is trying hard to keep that discussion from popping up every once
in a while....... and fails....)

> Exclusion by id is bad because you identify an element whose content WILL
> NOT BE in the message digest, so if the identified element's content, tag,
> attributes, etc. are changed, then the message digest will not break.

Said in a generic way like you did just now, this is plain wrong.

You said - Simplified - it is bad to exclude X because it is not included.

Then - don't exclude it.

And if you need to control X - like you do in your application - put it into
your application logic and don't lay the burden on a generic signature

Received on Tuesday, 28 March 2000 12:17:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC