W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: Clarification on 4.3.3.2 and 4.3.3.3

From: Takuya Mori <tk-mori@isd.nec.co.jp>
Date: Thu, 11 Oct 2001 19:00:11 +0900
To: merlin@baltimore.ie
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <20011011190011N.tk-mori@isd.nec.co.jp>
Hi merlin,

Thank you for your clarification.

merlin said:
> Indeed,see section 3.1.2 of the processing rules (signature
> generation):
> 
> " Note, if the Signature includes same-document references, [XML] or
>   [XML-schema] validation of the document might introduce changes that
>   break the signature. Consequently, applications should be careful
>   to consistently process the document or refrain from using external
>   contributions (e.g., defaults and entities). "
> 
> [ http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html ]
> 
> This clearly states that parsing of the signature document
> itself is application-specific, and may be validating or well
> formed.

I skipped over the note you cited.

----
    Takuya Mori
    moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp
    Internet Solution Platform Development Div.,
    NEC Solutions, Tokyo Japan
Received on Thursday, 11 October 2001 06:00:24 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT