W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: New XML Signature implementation and Update for Inter-Op

From: merlin <merlin@baltimore.ie>
Date: Mon, 15 Oct 2001 17:01:16 +0100
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <20011015160116.2D40F43BDA@yog-sothoth.ie.baltimore.com>

Hi Christian,

Apart from the manifest and the reference below, your signature
verifies for me. In response to your questions; no, it is a
useless example that should never have a real-world use; and
no, it was generated automatically from the template. It was
just a test of here(), id() and prioritization of references
during generation. Temporarily interesting, but of no practical


>Hi all,
>hi Merlin,
>I have to attach the sample, again. The former one did not verify cause I 
>tried to re-create a very sophisticated Reference from Merlin, and my 
>implementation is not able to create something like this.
>Merlin, the Reference:
>        <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="">
>          <Transforms>
>            <Transform 
>              <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>                ancestor-or-self::dsig:SignedInfo
>                  and
>                count(ancestor-or-self::dsig:Reference |
>                      here()/ancestor::dsig:Reference[1]) &gt;
>                count(ancestor-or-self::dsig:Reference)
>                  or
>                count(ancestor-or-self::node() |
>                      id('notaries')) =
>                count(ancestor-or-self::node())
>              </XPath>
>            </Transform>
>          </Transforms>
>          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" 
>          <DigestValue>DkRNHKuQgDiTy9XAAMGbyydg3BI=</DigestValue>
>        </Reference>
>was really horrible. I could not generate something like this... Do you see 
>a case where something like this is needed? I can verify it, but I can't 
>create that from scratch, because the References are filled with 
>DigestValues sequentially. Did you create that Reference at last and then 
>insert it in the middle of your SignedInfo? Wow - geek stuff ;-))
>Best regards,

Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
Received on Monday, 15 October 2001 12:01:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC