W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

Re: CanonicalizationMethod

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Mon, 31 Jul 2000 14:13:05 -0700
Message-Id: <>
To: Thomas Maslen <maslen@dstc.edu.au>
Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
At 18:20 7/31/2000 +1000, Thomas Maslen wrote:
 >One last vestige (I think) of the no-longer-optional
 >that I didn't notice last time around...  in the editors' copy at
 >	http://www.w3.org/Signature/Drafts/WD-xmldsig-core-latest/
 >section "3.2.2 Signature Validation", item 3 says "(optionally
 >Should it be just "(canonicalized)" now?

Noted and fixed!

 >Also, step 1 of section 3.2.1 is exactly the same as step 1 of section
 >I understand why it's in 3.2.2, and I'm willing to believe that it may also
 >be necessary in 3.2.1 to stave off some attack, but it looks for all the
 >like a cut-and-paste error -- perhaps it needs some text in parentheses
 >boils down to "yes, we really do mean this, and here's why"?  (And, if
this is 
 >necessary, should it be hoisted above "For each Reference in SignedInfo:"
That's been mentioned before and I your recommendation is a good one:

Canonicalize the SignedInfo element based on the CanonicalizationMethod in
SignedInfo (so as to ensure the application Sees What is Signed, which is
the canonical form).

Joseph Reagle Jr.   
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Monday, 31 July 2000 14:12:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:34 UTC