- From: Dournaee, Blake <bdournaee@rsasecurity.com>
- Date: Mon, 2 Jul 2001 20:53:37 -0700
- To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>
- Cc: w3c-ietf-xmldsig@w3.org, "'ilanzohar@yahoo.com'" <ilanzohar@yahoo.com>
Hello, I had a question/comment about Section 3.2.1, Reference Validation. The steps listed are to be performed for each <Reference> element. Step 1 says we should canonicalize <SignedInfo> first. Yet, if we do this for every <Reference> element we are running the canonicalization algorithm N-1 extra times where N is the number of <Reference> elements in <SignedInfo>. Shouldn't one run of C14N be enough to canonicalize the signed info? Why do it every time? Are we expecting the structure of <Reference> to change as we are validating the signature? Blake Dournaee Toolkit Applications Engineer RSA Security "The only thing I know is that I know nothing" - Socrates
Received on Monday, 2 July 2001 23:50:30 UTC