
Re: comments on current xml dsig draft

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Tue, 03 Jul 2001 09:21:26 -0400
Message-Id: <200107031321.JAA0000005402@torque.pothole.com>
To: "Dournaee, Blake" <bdournaee@rsasecurity.com>
cc: w3c-ietf-xmldsig@w3.org, "'ilanzohar@yahoo.com'" <ilanzohar@yahoo.com>

I think running the canonicalization just once is fine.  Generally
here as in other parts of the standard, you can use any technique
that produces the same result. It should probably be documented as
being canonicalized once.

Thanks,
Donald

From:  "Dournaee, Blake" <bdournaee@rsasecurity.com>
Message-ID:  <E7B6CB80230AD31185AD0008C7EBC4D2DAEEDB@exrsa01.rsa.com>
To:  "'Joseph M. Reagle Jr.'" <reagle@w3.org>
Cc:  w3c-ietf-xmldsig@w3.org, "'ilanzohar@yahoo.com'" <ilanzohar@yahoo.com>
Date:  Mon, 2 Jul 2001 20:53:37 -0700 

>Hello,
>
>I had a question/comment about Section 3.2.1, Reference Validation.
>
>The steps listed are to be performed for each <Reference> element. Step 1
>says we should canonicalize <SignedInfo> first. 
>
>Yet, if we do this for every <Reference> element we are running the
>canonicalization algorithm N-1 extra times where N is
>the number of <Reference> elements in <SignedInfo>. Shouldn't one run of
>C14N be enough to canonicalize the signed info? Why do it every time? Are we
>expecting the structure of <Reference> to change as we are validating the
>signature?
>
>
>Blake Dournaee
>Toolkit Applications Engineer
>RSA Security
> 
>"The only thing I know is that I know nothing" - Socrates
Received on Tuesday, 3 July 2001 09:23:39 UTC
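
The single-pass approach agreed on in this thread, as an added example that is not part of the original messages or of the specification: `<SignedInfo>` is canonicalized once and every `<Reference>` digest is then checked against that one canonical form. Assumptions: Python's standard-library C14N 2.0 stands in for whatever `<CanonicalizationMethod>` names, references carry no `<Transforms>`, the `resolve` callback and the `urn:example:` sample data are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
DIGESTS = {"http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1,
           SHA256: hashlib.sha256}
STATS = {"c14n_runs": 0}  # counts canonicalization passes for the demo


def canonical_signed_info(signature_xml):
    """Canonicalize <SignedInfo>. Stand-in: the stdlib's C14N 2.0, not the
    algorithm a real <CanonicalizationMethod> would name."""
    STATS["c14n_runs"] += 1
    signed_info = ET.fromstring(signature_xml).find(DS + "SignedInfo")
    return ET.canonicalize(ET.tostring(signed_info, encoding="unicode"))


def validate_references(signature_xml, resolve):
    """Return {URI: digest_ok}. `resolve` (hypothetical) maps URI -> bytes."""
    # One canonicalization pass, shared by every <Reference> below.
    canon = ET.fromstring(canonical_signed_info(signature_xml))
    results = {}
    for ref in canon.iter(DS + "Reference"):
        uri = ref.get("URI")
        hasher = DIGESTS.get(ref.find(DS + "DigestMethod").get("Algorithm"))
        if hasher is None:  # unknown digest algorithm: fail closed
            results[uri] = False
            continue
        expected = base64.b64decode(ref.find(DS + "DigestValue").text)
        actual = hasher(resolve(uri)).digest()
        results[uri] = hmac.compare_digest(actual, expected)
    return results


def sample_reference(uri, data):
    """Build one constructed <Reference> whose digest matches `data`."""
    digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
    return (f'<Reference URI="{uri}"><DigestMethod Algorithm="{SHA256}"/>'
            f'<DigestValue>{digest}</DigestValue></Reference>')


# Constructed sample: three references, no <Transforms>.
DOCS = {"urn:example:a": b"first", "urn:example:b": b"second",
        "urn:example:c": b"third"}
SAMPLE = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
          + "".join(sample_reference(u, d) for u, d in DOCS.items())
          + "</SignedInfo></Signature>")

if __name__ == "__main__":
    print(validate_references(SAMPLE, DOCS.__getitem__), STATS)
```

Reference validation covers only the digests; the signature over the canonical `<SignedInfo>` still has to be verified separately before any of these results can be trusted.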
