On Thursday, May 8, 2003, at 14:33 US/Eastern, Mark Nottingham wrote: >> How does it sidestep the problem? Please explain. > > Your original question was: > >> If A uses the latter case, how do C or D determine which instances of >> base64 encoded data to decode prior to signature verification ? > > If you sign the value space, no decision about encoding need to be > made, > because encoding isn't visible, period. There does need to be > visibility > of type information (or some other hint, as you discuss), but I *think* > we're in agreement that this is a manageable problem. A requirement for visibility of type information is a serious issue IMO. Hence my suggestion for a simple indicator of which contents are inlined binary data. Also note that messages are transmitted in lexical space so verifying a sig would require base64 decoding. > I think an appropriate question is whether it's a problem we (XMLP) > need > to provide a solution for, as it's rather specific to digital > signatures, > and therefore might be better considered elsewhere. I think its important that we consider how any new proposal fits with existing practice and available technologies. > I do agree that we > need to investigate enough to assure that it's solveable, which we > appear > to be doing. > Indeed. Marc. -- Marc Hadley <marc.hadley@sun.com> Web Technologies and Standards, Sun Microsystems.Received on Thursday, 8 May 2003 14:48:24 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:14 GMT