AW: signature portability / C14N / inherited namespaces

Joseph,

> I presume this would be part of the processing in section 3.2.2?
> http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-CoreValidation
3.2.2 Signature Validation
1. Obtain the keying information from KeyInfo or from an external source.
2. Obtain the canonical form of the SignatureMethod using the
CanonicalizationMethod and use the result (and previously obtained KeyInfo)
to validate the SignatureValue over the SignedInfo element.

<!-- here's some warning text -->
/+Note, if the Signature is not the root element of the document, ancestor
namespace context, which may change if the Signature is intended to be
portable (e.g., transported in an XML message), may affect the canonicalized
form of the SignedInfo and consequently its signature validity. +/

<!-- something more? -->
/+Signatures that are intended to be portable portable signatures
must/?/should:
1. be processed in their final context. (What exactly is the final context,
is this equivalent to the document subset with Signature at its root?)

<Gregor>
  I have not thought a lot about the consequences of the following idea,
  but anyway: Should we add an additional rule both to the processing
  rules for signature generation and validation, that the SignedInfo
  element should be isolated from its context prior to computing
  the canonicalized representation?
</Gregor>

2. the Signature should be generated in a particular portable form. (Rob's
solution wasn't general? -- and using the same prefix is rather
constraining/hackish?)
+/

Liebe Gruesse/Regards,
---------------------------------------------------------------
DI Gregor Karlinger
mailto:gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------

Received on Thursday, 24 May 2001 08:08:29 UTC
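
The effect the warning text describes, as an added example that is not part of the original message: the same Signature yields different canonical SignedInfo bytes once it sits under ancestors that declare namespaces, and the same bytes again when Signature is treated as the root of the subset. The envelope namespaces, the sample documents, the `portable` flag and the simplified canonicalizer (elements, attributes and text only, not a full C14N implementation) are assumptions made for illustration.

```python
import hashlib
from xml.dom import minidom
from xml.sax.saxutils import escape

# Constructed sample: one Signature, standalone and carried inside a message.
SIGNATURE = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
             '<SignedInfo><Reference URI="#data"/></SignedInfo></Signature>')
ENVELOPED = ('<env:Envelope xmlns:env="urn:example:envelope" '
             'xmlns:app="urn:example:app">' + SIGNATURE + '</env:Envelope>')

def is_nsdecl(name):
    return name == "xmlns" or name.startswith("xmlns:")

def in_scope(elem, top=None):
    """xmlns declarations visible at elem; the walk stops after `top` if given."""
    scope, node = {}, elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for name, value in node.attributes.items():
            if is_nsdecl(name):
                scope.setdefault(name, value)  # nearest declaration wins
        if node is top:
            break
        node = node.parentNode
    return scope

def render(node, top, rendered):
    """Simplified inclusive canonical form of a subtree (assumption: no comments/PIs)."""
    if node.nodeType == node.TEXT_NODE:
        return escape(node.data)
    if node.nodeType != node.ELEMENT_NODE:
        return ""
    scope = in_scope(node, top)
    # Namespace declarations first, skipping those the output parent already emitted.
    ns = sorted((k, v) for k, v in scope.items() if rendered.get(k) != v)
    attrs = sorted((k, v) for k, v in node.attributes.items() if not is_nsdecl(k))
    decl = "".join(' %s="%s"' % (k, escape(v, {'"': "&quot;"})) for k, v in ns + attrs)
    body = "".join(render(child, top, scope) for child in node.childNodes)
    return "<%s%s>%s</%s>" % (node.tagName, decl, body, node.tagName)

def signedinfo_digest(xml_text, portable=False):
    """Canonical SignedInfo and its SHA-256 (used here only to compare contexts).
    portable=True ignores everything above Signature (hypothetical switch)."""
    doc = minidom.parseString(xml_text)
    sig = doc.getElementsByTagName("Signature")[0]
    signed_info = sig.getElementsByTagName("SignedInfo")[0]
    canon = render(signed_info, sig if portable else None, {})
    return canon, hashlib.sha256(canon.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    for label, doc, flag in (("standalone", SIGNATURE, False),
                             ("enveloped", ENVELOPED, False),
                             ("enveloped, Signature as root", ENVELOPED, True)):
        print(label, *signedinfo_digest(doc, flag), sep="\n  ")
```

A signer and a verifier that disagree on which of these contexts applies compute different SignedInfo octets, so validation fails even though no signed content changed.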