
Re: Enveloped-signature games with pre-c14n

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Sat, 01 Sep 2001 17:40:25 +0200
To: Joseph Reagle <reagle@w3.org>
Cc: merlin <merlin@baltimore.ie>, w3c-ietf-xmldsig@w3.org
Message-id: <2933612447.999366025@pinkpanther>

Hi Joseph,

> Christian/Merlin, I don't recall, did we ever resolve this proposal?

I actually don't know. For me, it reads like:

  "It's not possible to apply Transforms that produce octet
   stream output (like base64 or c14n) prior to
   #enveloped-signature transform or an #xpath transform
   that uses the here() function. Additionally, it's not
   possible to apply #enveloped-signature transform or an
   #xpath transform that uses here() to a non-local URI."

But I am not sure whether this is correct.
Christian


Dialog modified for readability:

>>>>> If you perform c14n/reparse, then you have a new document.
>>>>> Merlin

>>>> Sorry for bugging again. Could this be done by saying in the spec:
>>>>
>>>>   "It's not possible to apply Transforms that produce octet
>>>>    stream output (like base64 or c14n) prior to
>>>>    #enveloped-signature transform or an #xpath transform
>>>>    that uses the here() function."
>>>> Would this make sense?
>>>> Christian

>>> That doesn't cover the case of applying the transform to a non-local
>>> URI. At most, a sentence saying that enveloped signature cannot be
>>> applied to a resource other than a node set from the original signature
>>> document. Given that the usage seems nonsensical, I'm not sure that
>>> even this is really necessary.
>>> Merlin

>> But if I apply #enveloped-signature #xpath with here()-usage to a
>> non-local URI, this is an error, isn't it?
>> Christian

> Hi Christian, It is. Your statement merely disallowed
> certain transforms, not certain URIs.
> Merlin




With kind regards,

Christian Geuer-Pollmann


--------------------------------------------------------------------------
Institute for Data Communications Systems             University of Siegen
Hoelderlinstrasse 3                 D-57068 Siegen                 Germany

mail:  mailto:geuer-pollmann@nue.et-inf.uni-siegen.de
web:  <http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/>
Received on Saturday, 1 September 2001 11:39:12 UTC
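
The restriction proposed in this thread, written as a check over a Signature's References. This is an added example, not part of the original message or of any XMLDSig implementation; the function names, the treatment of `""` and `#fragment` as the only local URIs, and the sample Signature are assumptions constructed here.

```python
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116"
ENVELOPED = DS + "enveloped-signature"
# Transforms with octet-stream output (the two kinds named in the thread).
OCTET_OUTPUT = {DS + "base64", C14N, C14N + "#WithComments"}

def needs_signature_context(transform):
    """True for #enveloped-signature, or an #xpath transform that calls here()."""
    alg = transform.get("Algorithm")
    if alg == XPATH:
        expr = transform.findtext(f"{{{DS}}}XPath") or ""
        return re.search(r"\bhere\s*\(", expr) is not None
    return alg == ENVELOPED

def check_references(signature_xml):
    """Return (URI, problem) pairs for References that break the proposed rule."""
    problems = []
    for ref in ET.fromstring(signature_xml).iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI")
        # Assumption: only "" and "#fragment" count as the signature's own document.
        local = uri is not None and (uri == "" or uri.startswith("#"))
        seen_octets = False
        for t in ref.iter(f"{{{DS}}}Transform"):
            if needs_signature_context(t):
                if not local:
                    problems.append((uri, "non-local URI"))
                if seen_octets:
                    problems.append((uri, "after octet-stream transform"))
            seen_octets = seen_octets or t.get("Algorithm") in OCTET_OUTPUT
    return problems

def _ref(uri, *transforms):  # builds one constructed Reference element
    body = "".join(f'<Transform Algorithm="{a}">{x}</Transform>' for a, x in transforms)
    return f'<Reference URI="{uri}"><Transforms>{body}</Transforms></Reference>'

# Constructed sample: one valid chain, then one violation of each kind.
SAMPLE = (f'<Signature xmlns="{DS}"><SignedInfo>'
          + _ref("", (ENVELOPED, ""), (C14N, ""))
          + _ref("#body", (C14N, ""), (ENVELOPED, ""))
          + _ref("http://example.org/doc.xml", (XPATH, "<XPath>count(here()/..) = 1</XPath>"))
          + "</SignedInfo></Signature>")

if __name__ == "__main__":
    for uri, problem in check_references(SAMPLE):
        print(f"{uri!r}: {problem}")
```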
