W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2005

Re: XC14N problem with nested signatures

From: Rich Salz <rsalz@datapower.com>
Date: Tue, 21 Jun 2005 08:57:11 -0400 (EDT)
To: Anders Rundgren <anders.rundgren@telia.com>
cc: "w3c-ietf-xmldsig@w3.org" <w3c-ietf-xmldsig@w3.org>
Message-ID: <Pine.LNX.4.44L0.0506210855540.28076-100000@smtp.datapower.com> 

> Question: Is there a clean way of doing nested XML Signatures and then be able
> to extract an inner signature that will validate on its own?

Hi Anders.

Exclusive canonicalization was defined to address exactly this problem.
For what it's worth, the "web services" world seems to be moving to
using exc-c14n, er, exclusively.

	/r$

-- 
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
Received on Tuesday, 21 June 2005 12:57:20 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.30 : Tuesday, 21 June 2005 12:57:21 GMT