
RE: New Attachments Issues

From: Martin Gudgin <mgudgin@microsoft.com>
Date: Wed, 11 Jun 2003 10:43:22 -0700
Message-ID: <7C083876C492EB4BAAF6B3AE0732970E0BBCAFE3@red-msg-08.redmond.corp.microsoft.com>
To: "Rich Salz" <rsalz@datapower.com>, "Tony Graham" <Tony.Graham@Sun.COM>
Cc: "XMLP Dist App" <xml-dist-app@w3.org>

I think that if I was signing only the content of an element, then it's
easy to sign the binary form. In fact, provided both ends know what's
going on, it doesn't really matter what the lexical form is. If I sign
binary and send base64 serialization and the other end (after passage
through one or more intermediaries) gets raw binary serialization then
things should still work.

Where it gets trickier is where I want to sign an element, its
attributes AND its content. I don't know whether you can sign the binary
data in this case. Rich?


> -----Original Message-----
> From: xml-dist-app-request@w3.org 
> [mailto:xml-dist-app-request@w3.org] On Behalf Of Rich Salz
> Sent: 11 June 2003 16:31
> To: Tony Graham
> Cc: XMLP Dist App
> Subject: Re: New Attachments Issues
> >    be over the included data. Current XML signature algorithms require
> >    signing the included data as base64-encoded characters; the lexical
> >    form of such characters SHOULD be canonicalized.
> This is wrong.  Current XML signature algorithms work 
> perfectly fine with signing binary data.  As it says at the 
> start of the XML DSIG spec
>     Signatures can be applied to any digital content
> Cf: http://www.w3.org/TR/xmldsig-core/#def-DataObject
> 	/r$
> --
> Rich Salz, Chief Security Architect
> DataPower Technology       http://www.datapower.com
> XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
> XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 11 June 2003 13:43:26 UTC
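
Added example, not part of the original message or of any specification text: a Python sketch of the point discussed in the thread, that a signature computed over the decoded octets still verifies when content is re-serialized between base64 and raw binary, while one computed over the base64 characters depends on their exact lexical form. The function names, key and payload are constructed for illustration, and HMAC-SHA256 stands in for a real XML Signature algorithm.

```python
import base64
import hashlib
import hmac

# Constructed sample: binary content carried inside an element.
PAYLOAD = bytes(range(256)) * 4
KEY = b"constructed-demo-key"  # assumption: shared secret, for illustration only


def sign_octets(octets: bytes) -> bytes:
    """MAC over the binary form, independent of how it is serialized."""
    return hmac.new(KEY, octets, hashlib.sha256).digest()


def sign_lexical(text: str) -> bytes:
    """MAC over the base64 characters exactly as they appear on the wire."""
    return hmac.new(KEY, text.encode("ascii"), hashlib.sha256).digest()


def serialize_base64(octets: bytes, wrap: int = 0) -> str:
    """Base64 lexical form; wrap > 0 inserts a line break every `wrap` chars."""
    b64 = base64.b64encode(octets).decode("ascii")
    if wrap:
        b64 = "\n".join(b64[i:i + wrap] for i in range(0, len(b64), wrap))
    return b64


def verify_octets(received, signature: bytes) -> bool:
    """Receiver side: accept raw bytes or a base64 string, compare over octets."""
    octets = received if isinstance(received, bytes) else base64.b64decode(received)
    return hmac.compare_digest(sign_octets(octets), signature)


def demo() -> dict:
    sig_bin = sign_octets(PAYLOAD)
    sent = serialize_base64(PAYLOAD)            # sender's lexical form
    rewrapped = serialize_base64(PAYLOAD, 76)   # an intermediary re-wraps lines
    sig_lex = sign_lexical(sent)
    return {
        "binary_sig_ok_base64": verify_octets(sent, sig_bin),
        "binary_sig_ok_rewrapped": verify_octets(rewrapped, sig_bin),
        "binary_sig_ok_raw": verify_octets(PAYLOAD, sig_bin),
        "lexical_sig_ok_rewrapped": hmac.compare_digest(sign_lexical(rewrapped), sig_lex),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```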
