W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

RE: Determining the presence of an XML signature

From: <edsimon@xmlsec.com>
Date: Fri, 7 Dec 2001 15:48:48 -0600
Message-ID: <3C0F50F900000B76@mail.san.yahoo.com>
To: sekhar.vajjhala@sun.com
Cc: w3c-ietf-xmldsig@w3.org
Just discovered this reply never made it from my "Draft" folder to my "Sent"
folder.  Oh well, better late than never...
---------------------------------------------------------

The "short" (and incomplete) answer is that, yes, an application can "discover"
a signature using DOM, XPath, XSLT, regular expressions, or whatever.

HOWEVER, in my view, the "correct" answer is that a practical, secure system
will use schemas or some other higher-level mechanism to dictate whether
or not a signature must, or may, be at a certain node in the document.
Further, such a system will dictate certain parameters of the Signature
such as the algorithms used, and, of course, what that signature must cover.
 These parameters may be dictated through schemas and enforced through schema
validation or through some other way of verifying the integrity of the structure.
 It isn't enough to simply find a signature willy-nilly and indicate only
whether it is valid or not.

Does this help?  If I read too much into the question or misinterpreted
it, let me know.

Regards, Ed

-- Original Message --

>When a recipient receives an XML document containing a signature -
>perhaps
>containing an envloped signature, how does the recipient know there
>is an XML Signature in the content. Either the recipient can
>
>a. search for a <ds:Signature> element in the XML document
>b. or know that there is a XML Signature through some other
>   mechanism.
>
>Which of the above two is the correct or prevalent model ?
>
>Thanks.
>
>Sekhar
>
>


-----------------------------------------------------------------------------------------------
Ed Simon
XMLsec Inc.

Interested in XML Security Training and Consulting services?  Visit "www.xmlsec.com".
Received on Friday, 7 December 2001 16:48:52 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT