- From: TAMURA Kent <kent@trl.ibm.co.jp>
- Date: Wed, 4 Oct 2000 14:40:03 +0900
- To: w3c-ietf-xmldsig@w3.org
In message "Re: Comments on XML-Signature S&P draft" on 00/10/03, "Joseph M. Reagle Jr." <reagle@w3.org> writes:

> >Ok, I have understood the order of c14n and Reference
> >processing. But how about the order of c14n and obtaining a key
> >(1 and 2 in 3.2.2)? The SignedInfo has no reference to the
> >KeyInfo.
>
> Consider the following scenario:
>
> Author creates signature that includes a reference to KeyInfo element (and
> consequently it is signed). This KeyInfo contains a RetrievalMethod with a
> relative URL; KeyInfo is canonicalized using an algorithm that resolved URLs
> (since the Signature Reference is an XPointer barename to it).

It is very strange... What would happen if a KeyInfo element was pointed from two Reference elements and they had different Transforms?

There are no rules in the specification such as the KeyInfo MUST be signed and signature applications MUST treat transformed result of the reference as a KeyInfo element.

--
TAMURA Kent @ Tokyo Research Laboratory, IBM

Received on Wednesday, 4 October 2000 01:40:40 UTC