- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Sun, 24 Jun 2001 22:52:30 -0400
- To: w3c-ietf-xmldsig@w3.org
- cc: Donald.Eastlake@motorola.com
I've actually read most of it yesterday and today and have the
following comments, some of which are quite minor:
Section 4.3.1: one occurance of "CanonicalizationMethod" has the
</code> before, instead of after, the last letter.
Section 4.3.3.2: In both the DTD and Schema, the "stylesheet" element
should occur in addition to the "XPath" element.
Section 4.4: The first three in the list of Type URIs is missing the
colon (":") after the "http".
Maybe I'm just missing something but why, in 4.4.3, does it say that
keying information obtained by a RetrievalMethod "may need to be
canonicalized"? Even if the KeyInfo is signed, the signature is over
the RetrievalMethod element and content, not over what is retrieved,
right? If what is retrieved is a binary blob, like a rawCertificate,
canonicalization doesn't seem very meaningful. And if what is
retrieved is an XPath node set, why do you need to serialize it wutg
c14n? Wouldn't you just extract the relevant information, usually to
construct some sort of binary key object to give to some crypto
library?
Section 4.4.5: Seems a bit odd in just saying that PGPKeyID is a
string. Actually, I belive, PGPKeyID's are 8 octet binary quantities
so it would seem like it should say they are Base64 encoded...
Section 7.3: At the end, the last points two numbered don't seem
connected to the rest of the text. Suggest preceeding them with "To
avoid these problems, applications may need to:" or the like.
Thanks,
Donald
=====================================================================
Donald E. Eastlake 3rd dee3@torque.pothole.com
155 Beaver Street +1 508-634-2066(h)
Milford, MA 01757 USA +1 508-261-5434(w)
Received on Sunday, 24 June 2001 22:53:25 UTC