
Re: Default Transform for same-doc references

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Mon, 24 Apr 2006 21:12:17 +0200
Message-ID: <004b01c667d3$01243bb0$82c5a8c0@arport2v>
To: "Christian Geuer-Pollmann" <Christian.Geuer-Pollmann@microsoft.com>, <w3c-ietf-xmldsig@w3.org>

Thank you very much Christian!

It is extra good to get the information from "the man, the myth, the legend", who in fact
wrote the C14N library I'm using :-)

Sometimes the Internet really rocks!

best
Anders

----- Original Message ----- 
From: "Christian Geuer-Pollmann" <Christian.Geuer-Pollmann@microsoft.com>
To: "Anders Rundgren" <anders.rundgren@telia.com>; <w3c-ietf-xmldsig@w3.org>
Sent: Monday, April 24, 2006 10:01
Subject: RE: Default Transform for same-doc references



Anders,

You're right both times.

(1) The CanonicalizationAlgorithm in the SignedInfo does not change the
default c14n for a Transforms chain, so there is no "inheritance" or so.


(2) When you want excl-c14n at the end of a transforms chain, you must
explicitly mention that (as you did in your example).

Best,
Christian

-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org] On Behalf Of Anders Rundgren
Sent: Sunday, 23 April 2006 20:31
To: w3c-ietf-xmldsig@w3.org
Subject: Default Transform for same-doc references


It *seems* that a Reference that references the same document does not
"inherit" canonicalization from SignatureInfo but rather uses
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
Have I got this correct?

If I use exclusive canonicalization
(http://www.w3.org/2001/10/xml-exc-c14n#) in SignedInfo, I assume that
it would be logical to use this also for a
http://www.w3.org/2000/09/xmldsig#enveloped-signature
But then I need TWO Transform elements!

<ds:Transforms>
  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>

Right?

thanx
Anders Rundgren
Received on Monday, 24 April 2006 19:13:14 GMT
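
An added example, not part of the original messages or of any library mentioned in them: a small check that reports, for each same-document Reference, which canonicalization its digest input actually receives next to the one declared in SignedInfo. The function name and the sample Signature are constructed for illustration, and the check only models chains built from the enveloped-signature and canonicalization transforms discussed in this thread.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
C14N_10 = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
ENVELOPED = DS + "enveloped-signature"
# Canonicalization transforms (each with its WithComments variant).
C14N_URIS = {C14N_10, C14N_10 + "#WithComments", EXC_C14N, EXC_C14N + "WithComments"}

def effective_c14n(signature):
    """Map each same-document Reference URI to
    (SignedInfo c14n, c14n applied to the Reference's digest input)."""
    si = signature.find("ds:SignedInfo", NS)
    si_c14n = si.find("ds:CanonicalizationMethod", NS).get("Algorithm")
    result = {}
    for ref in si.findall("ds:Reference", NS):
        uri = ref.get("URI")
        if uri is None or not (uri == "" or uri.startswith("#")):
            continue  # external references are not covered here
        algs = [t.get("Algorithm")
                for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        last = algs[-1] if algs else None
        if last in C14N_URIS:
            applied = last        # explicitly requested at the end of the chain
        elif last is None or last == ENVELOPED:
            applied = C14N_10     # node-set output: implicit Canonical XML 1.0
        else:
            applied = None        # transform not modelled by this example
        result[uri] = (si_c14n, applied)
    return result

# Constructed sample: SignedInfo uses exc-c14n, only "#body" asks for it explicitly.
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="{EXC_C14N}"/>
 <ds:Reference URI=""><ds:Transforms>
  <ds:Transform Algorithm="{ENVELOPED}"/>
 </ds:Transforms></ds:Reference>
 <ds:Reference URI="#body"><ds:Transforms>
  <ds:Transform Algorithm="{ENVELOPED}"/>
  <ds:Transform Algorithm="{EXC_C14N}"/>
 </ds:Transforms></ds:Reference>
</ds:SignedInfo></ds:Signature>"""

if __name__ == "__main__":
    for uri, (declared, applied) in effective_c14n(ET.fromstring(SAMPLE)).items():
        note = "" if declared == applied else "  <-- differs from SignedInfo"
        print(f"URI={uri!r}: {applied}{note}")
```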
