
Re: Processing model for ds:Reference/@Type

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Wed, 17 Oct 2001 20:55:56 -0400
Message-Id: <200110180055.UAA0000059623@torque.pothole.com>
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
cc: w3c-ietf-xmldsig@w3.org

Hi,

Whether to process Manifests, what to do if one or more items in the
Manifest fails Reference validation, whether to chase down Manifests
pointed to by Manifests, etc., is all application dependent.  It would
be reasonable, in my opinion, for an application to only process
Manifests where the Reference has a Manifest type attribute, in which
case you would need to generate signatures where the Reference URI
points directly at the Manifest (rather than, say, an encompassing
Object) and specify the Manifest type, if you want that Manifest
checked. But applications are not required to behave in this way.

Donald

From:  Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date:  Tue, 09 Oct 2001 19:12:45 +0200
To:  w3c-ietf-xmldsig@w3.org
Message-ID:  <1927385181.1002654765@pinkpanther>

>Hi all,
>
>The Type attribute of a ds:Reference can contain the Type of a Reference 
>like
>
>Type="http://www.w3.org/2000/09/xmldsig#Object"
>
>or
>
>Type="http://www.w3.org/2000/09/xmldsig#Manifest"
>
>. Does there exist a proposed processing model how verification is done on 
>that? From what I see,  there exist two different ways:
>
>1: I ignore this type information and do only core validation: 
>SignatureValue and the SignedInfo
>
>2: I try to follow and verify all nested Manifests (if Type="&ds;Manifest").
>
>But what processing should happen if the Type is #Reference or #Object?
>
>
>Christian
>
Received on Wednesday, 17 October 2001 20:58:07 GMT
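
The policy suggested in the reply above, sketched as an added example (not part of the original thread or of any XML-DSig library): follow a Manifest only when the signed Reference carries the Manifest Type and its URI points directly at a ds:Manifest, then report each nested Reference separately so the application decides what a failure means. Assumptions: core validation of SignedInfo and SignatureValue is done elsewhere, attributes named `Id` are treated as IDs, nested References carry no Transforms, and `SAMPLE`, `RESOURCES` and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MANIFEST_TYPE = DS + "Manifest"
SHA1 = DS + "sha1"
NS = {"ds": DS}

def b64sha1(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

# Constructed sample: the first Reference is typed Manifest and points directly at
# the Manifest; the second points at the encompassing Object and is not followed.
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}">
 <ds:SignedInfo>
  <ds:Reference URI="#m1" Type="{MANIFEST_TYPE}"/>
  <ds:Reference URI="#o1" Type="{DS}Object"/>
 </ds:SignedInfo>
 <ds:Object Id="o1"><ds:Manifest Id="m1">
  <ds:Reference URI="a.txt"><ds:DigestMethod Algorithm="{SHA1}"/>
   <ds:DigestValue>{b64sha1(b'alpha')}</ds:DigestValue></ds:Reference>
  <ds:Reference URI="b.txt"><ds:DigestMethod Algorithm="{SHA1}"/>
   <ds:DigestValue>{b64sha1(b'beta')}</ds:DigestValue></ds:Reference>
 </ds:Manifest></ds:Object>
</ds:Signature>"""
RESOURCES = {"a.txt": b"alpha", "b.txt": b"tampered"}  # constructed octet streams

def manifests_to_check(sig):
    """Manifests selected by the policy: typed Reference AND direct URI target."""
    by_id = {el.get("Id"): el for el in sig.iter() if el.get("Id")}
    chosen = []
    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        if (ref.get("Type") == MANIFEST_TYPE and target is not None
                and target.tag == f"{{{DS}}}Manifest"):
            chosen.append(target)
    return chosen

def check_manifest(manifest, resources):
    """Per-Reference digest result; the caller decides what a False means."""
    results = {}
    for ref in manifest.findall("ds:Reference", NS):
        uri = ref.get("URI")
        alg = ref.find("ds:DigestMethod", NS).get("Algorithm")
        data = resources.get(uri)
        expected = ref.findtext("ds:DigestValue", namespaces=NS).strip()
        results[uri] = (alg == SHA1 and data is not None
                        and b64sha1(data) == expected)
    return results

if __name__ == "__main__":
    for m in manifests_to_check(ET.fromstring(SAMPLE)):
        print(m.get("Id"), check_manifest(m, RESOURCES))
```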
