
3.2.1 Reference Validation - Section has been confused with Signature Validation

From: Jared Jonas <JJonas@iLumin.com>
Date: Thu, 24 May 2001 12:36:48 -0400 (EDT)
Message-ID: <01FE208971B3D311B41900508B8B6BCF055983@d8fa5502.ptr.dia.nextlink.net>
To: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
Step 1 and the "Note" should be moved to section 3.2.2.
The reference to "SignedInfo" in step 4 should be removed.
I recommend that a new step be added to state the necessary application of
any Transforms included in the Reference.

I have included section 3.2.1 for reference:
W3C Candidate Recommendation 19-April-2001

3.2.1 Reference Validation

For each Reference in SignedInfo:

  1. Canonicalize the SignedInfo element based on the
     CanonicalizationMethod in SignedInfo.
  2. Obtain the data object to be digested. (The signature application
     may rely upon the identification (URI) and Transforms provided by the
     signer in the Reference element, or it may obtain the content through
     other means such as a local cache.)
  3. Digest the resulting data object using the DigestMethod specified in
     its Reference specification.
  4. Compare the generated digest value against DigestValue in the
     SignedInfo Reference; if there is any mismatch, validation fails.

Note, SignedInfo is canonicalized in step 1 to ensure the application Sees
What is Signed, which is the canonical form. For instance, if the
CanonicalizationMethod rewrote the URIs (e.g., absolutizing relative URIs)
the signature processing must be cognizant of this.
Received on Wednesday, 30 May 2001 12:38:59 GMT
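
Added example, not part of the original message or of the specification: a sketch of reference validation as the message proposes it, with the Transforms applied before digesting and no canonicalization of SignedInfo, which belongs to signature validation. The URI urn:example:doc1, the CONTENT store and the function names are assumptions, and only the base64 transform and SHA-1 digest are handled.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"  # XMLDSig namespace and algorithm URI prefix
NS = {"ds": DS}
TRANSFORMS = {DS + "base64": base64.b64decode}  # only transform supported in this sketch
DIGESTS = {DS + "sha1": hashlib.sha1}

# Constructed sample: the dereferenced octets are base64 text and the
# signer digested the decoded bytes, so the transform must run first.
CONTENT = {"urn:example:doc1": base64.b64encode(b"hello world")}
DIGEST = base64.b64encode(hashlib.sha1(b"hello world").digest()).decode()
SIGNED_INFO = f"""<SignedInfo xmlns="{DS}">
  <Reference URI="urn:example:doc1">
    <Transforms><Transform Algorithm="{DS}base64"/></Transforms>
    <DigestMethod Algorithm="{DS}sha1"/>
    <DigestValue>{DIGEST}</DigestValue>
  </Reference>
</SignedInfo>"""

def validate_reference(ref, resolve):
    """Validate one Reference element; resolve maps a URI to octets."""
    data = resolve(ref.get("URI"))                 # obtain the data object
    for t in ref.findall("ds:Transforms/ds:Transform", NS):
        alg = t.get("Algorithm")                   # apply each Transform in order
        if alg not in TRANSFORMS:
            raise ValueError(f"unsupported transform: {alg}")
        data = TRANSFORMS[alg](data)
    alg = ref.find("ds:DigestMethod", NS).get("Algorithm")
    if alg not in DIGESTS:
        raise ValueError(f"unsupported digest: {alg}")
    computed = DIGESTS[alg](data).digest()         # digest the transformed data
    expected = base64.b64decode(ref.find("ds:DigestValue", NS).text.strip())
    return hmac.compare_digest(computed, expected)  # any mismatch fails

def validate_references(signed_info_xml, resolve):
    """True only if at least one Reference exists and every one validates."""
    refs = ET.fromstring(signed_info_xml).findall("ds:Reference", NS)
    return bool(refs) and all(validate_reference(r, resolve) for r in refs)

if __name__ == "__main__":
    print(validate_references(SIGNED_INFO, CONTENT.__getitem__))
```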
