
Should we define a "critical" flag for ds:Object

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Thu, 27 Sep 2001 20:46:42 +0200
To: w3c-ietf-xmldsig@w3.org
Message-id: <896222194.1001623602@localhost>

Hi all,

just one idea that I had while having a look at the ETSI documents about 
qualifying signatures[1]. Would it make sense to add a critical attribute 
to the ds:Object that indicates that it includes some properties that have 
to be understood by the verification application? I think about a mechanism 
like the X.509v3 extensions which have a critical flag, which means that 
_if_ it's set the application must understand the extension... In [1], the 
ETSI defines a way to include additional information about a signature 
inside it...

Regards,
Christian

PS: This would include a tweak to the signature verification processing 
model and a schema change. The schema change could be easy if we default 
this to critical='false'. But the processing model would have to say 
something like: "If a ds:Reference references a ds:Object of the signature 
with critical='true' and the application does not know how to handle the 
statements inside ds:Object, the verification MUST fail...."


[1] Standard ETSI TS 101 203 - XML Advanced Electronic Signatures (XAdES)
    http://portal.etsi.org/sec/el-sign.asp
    http://portal.etsi.org/sec/STF178Task3Draft.pdf
Received on Thursday, 27 September 2001 14:44:53 UTC
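
The processing rule proposed in the PS, sketched as an added example that is not part of the original message or of any XMLDSig implementation. The `critical` attribute is the hypothetical one from the proposal; the function names, the constructed sample document, and the choice to treat content as "understood" when the namespace of each child element is known are assumptions, and only same-document `#Id` references are resolved.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample. "critical" is the proposed attribute, not part of XMLDSig.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:Reference URI="#props"/>
    <ds:Reference URI="#note"/>
  </ds:SignedInfo>
  <ds:Object Id="props" critical="true">
    <q:Policy xmlns:q="urn:example:qualifying">p1</q:Policy>
  </ds:Object>
  <ds:Object Id="note">
    <n:Memo xmlns:n="urn:example:memo">hi</n:Memo>
  </ds:Object>
</ds:Signature>"""


def namespace_of(elem):
    """Namespace URI of an ElementTree element ('' if unqualified)."""
    return elem.tag[1:].split("}", 1)[0] if elem.tag.startswith("{") else ""


def unhandled_critical_objects(signature_xml, understood_namespaces):
    """Ids of referenced, critical ds:Objects holding content we do not understand."""
    sig = ET.fromstring(signature_xml)
    referenced = {
        ref.get("URI", "")[1:]
        for ref in sig.iter(f"{{{DS}}}Reference")
        if ref.get("URI", "").startswith("#")
    }
    failures = []
    for obj in sig.findall(f"{{{DS}}}Object"):
        if obj.get("Id") not in referenced:
            continue  # the rule only covers objects a ds:Reference points at
        # Absent attribute defaults to critical='false'; xs:boolean also allows "1".
        if obj.get("critical", "false") not in ("true", "1"):
            continue
        if any(namespace_of(c) not in understood_namespaces for c in obj):
            failures.append(obj.get("Id"))
    return failures


def precheck(signature_xml, understood_namespaces):
    """False means verification MUST fail under the proposed rule."""
    return not unhandled_critical_objects(signature_xml, understood_namespaces)
```

A verifier would run this check in addition to normal reference and signature validation, and reject the signature when it returns `False`.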
