W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: New XML Signature implementation and Update for Inter-Op

From: merlin <merlin@baltimore.ie>
Date: Mon, 15 Oct 2001 17:01:16 +0100
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <20011015160116.2D40F43BDA@yog-sothoth.ie.baltimore.com>

Hi Christian,

Apart from the manifest and the reference below, your signature
verifies for me. In response to your questions; no, it is a
useless example that should never have a real-world use; and
no, it was generated automatically from the template. It was
just a test of here(), id() and prioritization of references
during generation. Temporarily interesting, but of no practical
use.

Merlin

r/geuer-pollmann@nue.et-inf.uni-siegen.de/2001.10.15/10:29:27
>Hi all,
>hi Merlin,
>
>I have to attach the sample, again. The former one did not verify cause I 
>tried to re-create a very sophisticated Reference from Merlin, and my 
>implementation is not able to create something like this.
>
>Merlin, the Reference:
>
>        <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="">
>          <Transforms>
>            <Transform 
>Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
>              <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>                ancestor-or-self::dsig:SignedInfo
>                  and
>                count(ancestor-or-self::dsig:Reference |
>                      here()/ancestor::dsig:Reference[1]) &gt;
>                count(ancestor-or-self::dsig:Reference)
>                  or
>                count(ancestor-or-self::node() |
>                      id('notaries')) =
>                count(ancestor-or-self::node())
>              </XPath>
>            </Transform>
>          </Transforms>
>          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" 
>/>
>          <DigestValue>DkRNHKuQgDiTy9XAAMGbyydg3BI=</DigestValue>
>        </Reference>
>
>was really horrible. I could not generate something like this... Do you see 
>a case where something like this is needed? I can verify it, but I can't 
>create that from scratch, because the References are filled with 
>DigestValues sequentially. Did you create that Reference at last and then 
>insert it in the middle of your SignedInfo? Wow - geek stuff ;-))
>
>
>Best regards,
>Christian


-----------------------------------------------------------------------------
Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
   http://www.baltimore.com
Received on Monday, 15 October 2001 12:01:21 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT