W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2002

URI Or Not?

From: Tony Palmer <tony@vordel.com>
Date: Fri, 17 May 2002 10:48:49 +0100
To: <w3c-ietf-xmldsig@w3.org>
  The value of the URI attribute contained in the Reference element in
Manoj's example is "logo-text.gif". Should this not be prepended with
"file://" to give URI="file://logo-text.gif" to make it a valid URI?

-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Manoj K. Srivastava
Sent: 17 May 2002 09:13
To: 'John Messing'; 'Christian Geuer-Pollmann'; 'Tom Gindin'; 'Ed Simon'
Cc: 'Roman Huditsch'; w3c-ietf-xmldsig@w3.org
Subject: RE: newbie Question about PKCS#7

Hi John,

You are right.
Please see the attached signed xml. The file that was signed is also


-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org] On Behalf Of John Messing
Sent: Thursday, May 16, 2002 9:10 PM
To: Christian Geuer-Pollmann; Tom Gindin; Ed Simon
Cc: Roman Huditsch; w3c-ietf-xmldsig@w3.org
Subject: Re: newbie Question about PKCS#7

Wouldn't you need to include the message digest of the file in the
signed data as well and then sign the reference and the message digest
as signed info?

----- Original Message -----
From: "Christian Geuer-Pollmann"
To: "Tom Gindin" <tgindin@us.ibm.com>; "Ed Simon" <edsimon@xmlsec.com>
Cc: "Roman Huditsch" <roman.huditsch@hico.com>;
Sent: Thursday, May 16, 2002 11:05 AM
Subject: Re: newbie Question about PKCS#7

> --On Donnerstag, 16. Mai 2002 11:28 -0400 Tom Gindin
> <tgindin@us.ibm.com>
> wrote:
> >       IMHO, XML Signature is not "the new way of doing signatures".
> > the new, and hopefully best, way of signing documents which include
> > XML. Do you expect people to sign pure binary data using XML
> > Signature rather than CMS?
> I would say XML Signature is a good way for creating digital
> signatures, even detached signatures which create arbitrary binary
> content. Even if there is no hint on what exactly IS the thing being
> signed, the signature itself has rich semantics. But of course, XML
> Signature will have no great future in environments where storage size

> or computing power are limited.
> > Maybe I'm confused about the standard, but I don't see a "Type"
> > value for transparent binary data or a transform for it.  Does a
> > Reference with both Type and Transforms omitted mean binary?
> I would say yes. Signing a GIF or something similar is
> <Reference URI="1.gif" (or URI="protocol://host/1.gif">
>  and no transforms.
> Other opinions?
> Christian
Received on Friday, 17 May 2002 05:46:28 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:37 UTC