
RE: Enveloped signatures and XPath

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Thu, 30 Mar 2000 09:26:05 +0200
To: <tgindin@us.ibm.com>, "John Boyer" <jboyer@PureEdge.com>
Cc: <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBIMACDKCOPBLEJCCDOEEDCEAA.gregor.karlinger@iaik.at>

Tom,

[...]

> Of course,
> both Transforms and CanonicalizationMethod need to be in the digest base,
> to avoid the known transform substitution attacks (canonicalization is a
> type of limited transform).

This stuff is considered in any case, but not as part of the digest base.
In fact it is part of the input for the signature calculation since
Transforms and CanonicalizationMethod are ancestors of SignedInfo.

>      Would it thus be simpler to have the standard transform remove any
> Signature element encountered which was not the top-level subject of any
> reference (not necessarily one in the current block)?

I am not sure if I understand this question. Could you please provide
a more detailed description?

Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Thursday, 30 March 2000 02:27:28 GMT
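
The distinction drawn in the message above, between the digest base and the signature input, shown as an added example that is not part of the original message or of the XML-Signature drafts. Assumptions: HMAC-SHA256 stands in for the signature method, Python's `ET.canonicalize` (C14N 2.0, Python 3.8+) stands in for the CanonicalizationMethod, namespaces are omitted, and the `urn:example:` algorithm names, key and data are constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"   # constructed shared secret
DATA = b"<doc>payload</doc>"    # constructed octets left after the transforms

# Constructed SignedInfo; the urn:example: algorithm names are placeholders.
TEMPLATE = (
    '<SignedInfo>'
    '<CanonicalizationMethod Algorithm="urn:example:c14n"/>'
    '<SignatureMethod Algorithm="urn:example:hmac-sha256"/>'
    '<Reference URI="#doc">'
    '<Transforms><Transform Algorithm="urn:example:enveloped"/></Transforms>'
    '<DigestMethod Algorithm="urn:example:sha256"/>'
    '<DigestValue>{digest}</DigestValue>'
    '</Reference></SignedInfo>'
)

def digest_value(data: bytes) -> str:
    """Digest base: only the transformed data, not the Transforms element."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def signature_input(signed_info: str) -> bytes:
    """Signature input: canonical SignedInfo, algorithm identifiers included."""
    return ET.canonicalize(signed_info).encode("utf-8")

def sign(signed_info: str, key: bytes) -> bytes:
    return hmac.new(key, signature_input(signed_info), hashlib.sha256).digest()

def verify(signed_info: str, key: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(signed_info, key), signature)

ORIGINAL = TEMPLATE.format(digest=digest_value(DATA))
SIGNATURE = sign(ORIGINAL, KEY)

# Same DigestValue, different Transform: the digest base is untouched,
# but the signature input changes, so verification fails.
SUBSTITUTED = ORIGINAL.replace("urn:example:enveloped", "urn:example:other")

# Lexical variant (single-quoted attribute): canonicalization removes it.
REQUOTED = ORIGINAL.replace('URI="#doc"', "URI='#doc'")

if __name__ == "__main__":
    print("original verifies:   ", verify(ORIGINAL, KEY, SIGNATURE))
    print("substituted verifies:", verify(SUBSTITUTED, KEY, SIGNATURE))
    print("requoted verifies:   ", verify(REQUOTED, KEY, SIGNATURE))
```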
