- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Thu, 30 Mar 2000 09:26:05 +0200
- To: <tgindin@us.ibm.com>, "John Boyer" <jboyer@PureEdge.com>
- Cc: <w3c-ietf-xmldsig@w3.org>
Tom,

[...]

> Of course,
> both Transforms and CanonicalizationMethod need to be in the digest base,
> to avoid the known transform substitution attacks (canonicalization is a
> type of limited transform).

This stuff is considered in any case, but not as part of the digest base.
In fact it is part of the input for the signature calculation since
Transforms and CanonicalizationMethod are ancestors of SignedInfo.

> Would it thus be simpler to have the standard transform remove any
> Signature element encountered which was not the top-level subject of any
> reference (not necessarily one in the current block)?

I am not sure if I understand this question. Could you please provide
a more detailed description?

Regards, Gregor

---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Thursday, 30 March 2000 02:27:28 UTC