
Re: Detached signatures and HTTP Redirects

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 07 Sep 2000 19:34:25 -0400
Message-Id: <4.3.2.7.2.20000907193034.0407fbe0@rpcp.mit.edu>
To: Brian LaMacchia <bal@microsoft.com>
Cc: XML DSig <w3c-ietf-xmldsig@w3.org>, Dan Connolly <connolly@w3.org>, "Martin J. Duerst" <duerst@w3.org>

At 18:24 8/29/2000 +0000, Brian LaMacchia wrote:
>What should the verifier do in this case?  Should it:
>a) follow the redirect URL to get the content to feed into the set of
>transforms?

Ok, I added a sentence in section 4.3.3; the paragraph now reads:

XML Signature applications MUST be able to parse URI syntax. We RECOMMEND 
they be able to dereference URIs in the HTTP scheme. Dereferencing a URI in 
the HTTP scheme MUST comply with the Status Code Definitions of [HTTP] 
(e.g., 302, 305 and 307 redirects are followed to obtain the entity-body of 
a 200 status code response).

Martin, you suggested the following:

If a resource is identified by more than one URI, the most specific should 
be used (e.g. http://www.w3.org/2000/06/interop-pressrelease.html.en instead 
of http://www.w3.org/2000/06/interop-pressrelease). (See the section 
3.2.1: Reference Validation for further information on reference processing.)

but given the above, is this where a few URLs are known by the application, 
or where this is an HTTP 300 Multiple Choices response?


_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Thursday, 7 September 2000 19:34:31 GMT
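
An added example, not part of the original message or of the XML-Signature specification: a verifier-side dereference routine that follows redirects to the entity-body of a 200 response before digesting it, as the section 4.3.3 wording above describes. The hop limit, the scheme check, the SHA-256 digest, the inclusion of 301/303, the handling of every listed code as a plain Location redirect, and the constructed `SAMPLE` responses (standing in for the network) are all assumptions.

```python
import hashlib
from urllib.parse import urljoin, urlsplit

# 302, 305 and 307 are the codes the message names; 301 and 303 are added here.
REDIRECTS = {301, 302, 303, 305, 307}
MAX_HOPS = 5  # assumed limit, not taken from the draft

# Constructed responses: url -> (status, headers, body)
SAMPLE = {
    "http://example.org/doc": (302, {"Location": "/doc.en"}, b""),
    "http://example.org/doc.en": (307, {"Location": "http://example.org/v2/doc.en"}, b""),
    "http://example.org/v2/doc.en": (200, {}, b"<p>signed content</p>"),
    "http://example.org/loop": (302, {"Location": "/loop"}, b""),
    "http://example.org/multi": (300, {}, b"choose one"),
    "http://example.org/out": (302, {"Location": "file:///etc/hosts"}, b""),
}

class DereferenceError(Exception):
    pass

def dereference(uri, fetch=SAMPLE.get):
    """Follow redirects to the entity-body of a 200 response.
    Returns (final_url, body); raises DereferenceError otherwise."""
    seen = set()
    for _ in range(MAX_HOPS + 1):
        # A redirect must not move the verifier off HTTP (e.g. to file:).
        if urlsplit(uri).scheme not in ("http", "https"):
            raise DereferenceError(f"refusing non-HTTP scheme: {uri}")
        if uri in seen:
            raise DereferenceError(f"redirect loop at {uri}")
        seen.add(uri)
        resp = fetch(uri)
        if resp is None:
            raise DereferenceError(f"no response for {uri}")
        status, headers, body = resp
        if status == 200:
            return uri, body
        if status in REDIRECTS and "Location" in headers:
            uri = urljoin(uri, headers["Location"])  # resolve relative Location
            continue
        # 300 Multiple Choices and all other codes: no single entity to digest.
        raise DereferenceError(f"status {status} for {uri}")
    raise DereferenceError("too many redirects")

def reference_digest(uri):
    """Digest the dereferenced body (SHA-256 assumed; transforms omitted)."""
    final_url, body = dereference(uri)
    return final_url, hashlib.sha256(body).hexdigest()
```

Returning the final URL alongside the digest lets the verifier log which resource was actually hashed when it differs from the URI in the Reference.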
