W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2004

Re: XAdES - More secure than XML Dsig?

From: Rich Salz <rsalz@datapower.com>
Date: Wed, 10 Mar 2004 10:14:56 -0500
Message-ID: <404F30F0.8090601@datapower.com>
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: w3c-ietf-xmldsig@w3.org 

> According to some users of XAdES, it is more secure
> as you also sign the hash of the signer's certificate in
> order to thwart changing this element.
> 
> Any thoughts on why this presumably good solution
> is not a part of XML Dsig?

You can do this now, by adding a Reference that points to the cert and 
including the cert in the Signature.  I don't think anything special is 
needed.

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 10 March 2004 10:03:32 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:18 GMT