W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2001

additional XML Digital Signature clarifications

From: Frederick J. Hirsch <hirsch@caveosystems.com>
Date: Sun, 21 Jan 2001 16:06:21 -0500
To: <w3c-ietf-xmldsig@w3.org>
Message-ID: <NEBBLPMKCKBLFHBJIHPCOEHGCIAA.hirsch@caveosystems.com>
The XML Digital Signature recommendation is an excellent document, and improves
tremendously with each versions. I have a few questions, just clarifications:

1) I assume a Manifest is not required to be within a Signature element. If a
Manifest is within a Signature element it must be within an Object element, but
not otherwise.

This allows a Manifest to be included in multiple signatures, as discussed in
section 2.3 (Extended Example). Ignoring namespaces and content:

<document>
<Signature>,,,<Reference URI=#Manifest
Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature>
<Signature>,,,<Reference URI=#Manifest
Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature>
<Signature>,,,<Reference URI=#Manifest
Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature>
<Manifest Id=>
<Reference>...</Reference>
<Reference>...</Reference>
...
</Manifest>
</document>

2) In 4.3.2 on the SignatureMethod,the specification states "While there is a
single identifier, that identifier may specify a format containing multiple
distinct signature values".

I'm not sure what this sentence is trying to say. Does it simply mean that the
signature values will vary for an algorithm based on the input? Is there an
example of what this is getting at

3) The KeyInfo section mentions a rawX509Certificate type, but this is not
referenced in the KeyInfo schema.  Should it be one of the choices? Wouldn't the
X509Data element with the X509Certificate contain a base64 encoded binary
certificate value as well?

4) A minor typo in 4.4, KeyInfo, 3rd paragraph: octect should be octet (end of
paragraph).

< Frederick
Received on Sunday, 21 January 2001 15:59:32 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:12 GMT