W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

Re: CanonicalizationMethod

From: Thomas Maslen <maslen@dstc.edu.au>
Date: Mon, 31 Jul 2000 18:20:46 +1000
Message-Id: <200007310820.e6V8Kjs27430@piglet.dstc.edu.au>
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: w3c-ietf-xmldsig@w3.org
One last vestige (I think) of the no-longer-optional CanonicalizationMethod 
that I didn't notice last time around...  in the editors' copy at


section "3.2.2 Signature Validation", item 3 says "(optionally canonicalized)".
Should it be just "(canonicalized)" now?

Also, step 1 of section 3.2.1 is exactly the same as step 1 of section 3.2.2.
I understand why it's in 3.2.2, and I'm willing to believe that it may also
be necessary in 3.2.1 to stave off some attack, but it looks for all the world 
like a cut-and-paste error -- perhaps it needs some text in parentheses that 
boils down to "yes, we really do mean this, and here's why"?  (And, if this is 
necessary, should it be hoisted above "For each Reference in SignedInfo:" ?).

Thomas Maslen
Received on Monday, 31 July 2000 04:21:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:34 UTC