- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 10 Oct 2000 14:39:42 -0400
- To: merlin <merlin@baltimore.ie>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
At 15:30 10/10/2000 +0100, merlin wrote: >http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JulSep/0423.html > > The consensus on the call was that adding a RetrievalMethod > Type for a binary X.509 certificate was a good idea. Right, it is describe in 4.4 http://www.w3.org/Signature/Drafts/WD-xmldsig-core-latest/#sec-KeyInfo > >1. limit it to absolute URIs? (If the keys are in the same document, why > not > >use KeyInfo?) > >For example, to have a single occurence of a large X509Data and to >then refer to it from multiple signatures. Ok. > >2. Permit fragment identifiers and require the same processing model as > the > >Reference section? I believe this was the intent and I'll clarify that for > >the time being: > >RetrievalMethod uses the same syntax and dereferencing behaviour as > >Reference's URI (section 4.3.3.1) except that there is no DigestMethod or > >DigestValue child elements and presence of the URI is mandatory; Type is > an > >optional identifier for the type of data to be retrieved. > >I think we should definitely use the same processing model; perhaps just >have language to the effect that: > > If the result of the dereference and transformation is a node set,[ and > the > RetrievalMethod Type is one of the types defined in this document,] then > the > node set is processed as if it were canonicalized and retrieved as a raw > octet stream. Hrmm... I think I prefer to err on the side of making the RetrievalMethod author include a specific c14n in the transform. Ok, new text: 4.4 The KeyInfo Element .... The following list summarizes the KeyInfo types defined by this specification; these can be used within the RetrievalMethod Type attribute to describe the remote KeyInfo structure as represented as an octect stream. 4.4.3 The RetrievalMethod Element .... RetrievalMethod uses the same syntax and dereferencing behavior as Reference's URI (section 4.3.3.1) and The Reference Processing Model (section 4.3.3.2) except that there is no DigestMethod or DigestValue child elements and presence of the URI is mandatory. Note, if the result of dereferencing and transforming the specified URI is a node set, then it may need to be to be canonicalized.All of the KeyInfo types defined by this specification (section 4.4) require octets, consequently the Signature application is expected to attempt to canonicalize the nodeset via the The Reference Processing Model (section 4.3.3.2) __ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Tuesday, 10 October 2000 14:39:48 UTC