> Just had a thought as to how one can get the same > effect of sign/wrap/sign without actually having > to sign twice. ... Rather than signing twice, > two digests [for plaintext and for ciphertext with > names, respectively] are covered by one signature. mr. simon, i believe it works. i can't be sure, because i'm uncertain about the xml-sig syntax. but the idea of signing both digests at once is very nice, and i wish i had thought of it years ago. in fact, i suggest that you should publish it. > if this is an XML Signature security issue, then > it needs to be discussed on the XML Signature list. but this isn't an xml-sig security issue at all; it's a problem that arises only when xml-encryption is combined with xml-sig. since the xml-enc standard will follow the xml-sig standard, it makes sense to address the issue in the xml-enc draft. indeed, the xml-sig draft _cannot_ discuss how signatures should interact with encryption, since xml-sig can't refer to a non-existent xml-enc draft. - don davis, boston -Received on Tuesday, 29 August 2000 19:56:56 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:17 GMT