RE: AW: signature portability / C14N / inherited namespaces

From: John Boyer <JBoyer@PureEdge.com>
Date: Thu, 31 May 2001 09:13:35 -0700
Message-ID: <7874BFCCD289A645B5CE3935769F0B520C33E4@tigger.PureEdge.com>
To: "Gregor Karlinger" <gregor.karlinger@iaik.at>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: <w3c-ietf-xmldsig@w3.org>


Hi Gregor and Donald,

Obviously, I would be an advocate for adding an XPath transform to the
C14N transform.  I proposed this at our third FtF, but it made some
people nervous at the time (and I can understand that; better safe than
sorry).  However, I think we all know now that the procedure is quite
safe provided the following additional step is taken:  after a c14n
transform's xpath transform, add an implicit transform that ensures the
signature element and all of its descendant elements, attributes, and at
least the xmldsig namespace are in the resultant node-set.  W.r.t. the
problem you are trying to solve, this limits the scope of the XPath to
namespace filtering, but with same document signatures, it eliminates
the need to have a separate Reference, do a double hash calculation,
etc.

Cheers,
John Boyer
Received on Thursday, 31 May 2001 12:14:08 GMT
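
The implicit step proposed in the message above, sketched as an added example that is not part of the original post or of any XML Signature implementation. It models an XPath node-set as a set of tuples keyed by child-index path, and the function names, the tuple layout and the sample document are assumptions made for illustration; it also assumes the xmldsig namespace stays in scope throughout the Signature subtree.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: a same-document signature next to the signed data.
SAMPLE = """<doc xmlns:a="urn:a" xmlns:b="urn:b">
  <a:data id="x">payload</a:data>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo><ds:Reference URI=""/></ds:SignedInfo>
    <ds:SignatureValue/>
  </ds:Signature>
</doc>"""


def walk(elem, path=()):
    """Yield (path, element) pairs; path is a tuple of child indexes."""
    yield path, elem
    for i, child in enumerate(elem):
        yield from walk(child, path + (i,))


def signature_required_nodes(root):
    """Nodes the implicit step guarantees: each Signature element, its
    descendant elements, their attributes, and the xmldsig namespace
    node on each of those elements."""
    required = set()
    for path, elem in walk(root):
        if elem.tag != f"{{{DSIG}}}Signature":
            continue
        for sub_path, sub in walk(elem, path):
            required.add(("element", sub_path))
            required.add(("namespace", sub_path, DSIG))
            for name in sub.attrib:
                required.add(("attribute", sub_path, name))
    return required


def apply_implicit_step(root, xpath_result):
    """Union the XPath transform's result with the required signature
    nodes, so a filter can never strip the signature itself."""
    return set(xpath_result) | signature_required_nodes(root)


if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    # Constructed result of an XPath filter that kept only the data element.
    filtered = {("element", ()), ("element", (0,)), ("attribute", (0,), "id")}
    for node in sorted(apply_implicit_step(root, filtered), key=repr):
        print(node)
```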

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:13 GMT