
comments on current xml dsig draft

From: Dournaee, Blake <bdournaee@rsasecurity.com>
Date: Mon, 2 Jul 2001 20:53:37 -0700
Message-ID: <E7B6CB80230AD31185AD0008C7EBC4D2DAEEDB@exrsa01.rsa.com>
To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>
Cc: w3c-ietf-xmldsig@w3.org, "'ilanzohar@yahoo.com'" <ilanzohar@yahoo.com>

Hello,

I had a question/comment about Section 3.2.1, Reference Validation.

The steps listed are to be performed for each <Reference> element. Step 1
says we should canonicalize <SignedInfo> first. 

Yet, if we do this for every <Reference> element we are running the
canonicalization algorithm N-1 extra times where N is
the number of <Reference> elements in <SignedInfo>. Shouldn't one run of
C14N be enough to canonicalize the signed info? Why do it every time? Are we
expecting the structure of <Reference> to change as we are validating the
signature?



Blake Dournaee
Toolkit Applications Engineer
RSA Security
 
"The only thing I know is that I know nothing" - Socrates
 
 
Received on Monday, 2 July 2001 23:50:30 UTC
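
Added example, not part of the original message or of the specification text: a sketch of reference validation in which `<SignedInfo>` is canonicalized once and every `<Reference>` is then checked against that single canonical form. Assumptions: Python's standard-library `ET.canonicalize` (C14N 2.0) stands in for the `CanonicalizationMethod`, SHA-256 is the only digest accepted, and the `urn:example:` URIs, the `objects` dictionary used as a resolver, and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def digest_b64(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def make_signed_info(objects: dict) -> str:
    """Build a constructed <SignedInfo> with one <Reference> per object."""
    refs = "".join(
        f'<Reference URI="{uri}"><DigestMethod Algorithm="{SHA256}"/>'
        f"<DigestValue>{digest_b64(data)}</DigestValue></Reference>"
        for uri, data in objects.items()
    )
    return f'<SignedInfo xmlns="{DS}">{refs}</SignedInfo>'

def validate_references(signed_info_xml: str, objects: dict):
    """Return (canonical SignedInfo, {URI: True if the digest matches})."""
    # Canonicalize once, outside the loop; every Reference below is read
    # from this one canonical form rather than re-canonicalizing per item.
    canonical = ET.canonicalize(signed_info_xml)
    root = ET.fromstring(canonical)
    results = {}
    for ref in root.findall(f"{{{DS}}}Reference"):
        uri = ref.get("URI")
        method = ref.find(f"{{{DS}}}DigestMethod")
        expected = (ref.findtext(f"{{{DS}}}DigestValue") or "").strip()
        data = objects.get(uri)  # hypothetical resolver: plain dict lookup
        results[uri] = (
            data is not None          # unresolvable reference fails closed
            and method is not None
            and method.get("Algorithm") == SHA256
            and hmac.compare_digest(digest_b64(data).encode(), expected.encode())
        )
    return canonical, results

if __name__ == "__main__":
    signed = {"urn:example:a": b"first object", "urn:example:b": b"second object"}
    si = make_signed_info(signed)
    print(validate_references(si, signed)[1])
    tampered = dict(signed, **{"urn:example:b": b"second object!"})
    print(validate_references(si, tampered)[1])
```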
