W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

Re: CanonicalizationMethod

From: Thomas Maslen <maslen@dstc.edu.au>
Date: Mon, 31 Jul 2000 18:20:46 +1000
Message-Id: <200007310820.e6V8Kjs27430@piglet.dstc.edu.au>
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: w3c-ietf-xmldsig@w3.org
One last vestige (I think) of the no-longer-optional CanonicalizationMethod 
that I didn't notice last time around...  in the editors' copy at

	http://www.w3.org/Signature/Drafts/WD-xmldsig-core-latest/

section "3.2.2 Signature Validation", item 3 says "(optionally canonicalized)".
Should it be just "(canonicalized)" now?

Also, step 1 of section 3.2.1 is exactly the same as step 1 of section 3.2.2.
I understand why it's in 3.2.2, and I'm willing to believe that it may also
be necessary in 3.2.1 to stave off some attack, but it looks for all the world 
like a cut-and-paste error -- perhaps it needs some text in parentheses that 
boils down to "yes, we really do mean this, and here's why"?  (And, if this is 
necessary, should it be hoisted above "For each Reference in SignedInfo:" ?).

Thomas Maslen
maslen@pobox.com
Received on Monday, 31 July 2000 04:21:10 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:10 GMT