Re: digest requirement

From: Joseph Reagle <reagle@w3.org>
Date: Wed, 26 Sep 2001 19:05:58 -0400
To: "Amir Herzberg" <AMIR@newgenpay.com>, "XML Encryption WG" <xml-encryption@w3.org>
Message-Id: <20010926232542.BC6E987400@policy.w3.org>

On Monday 24 September 2001 06:32, Amir Herzberg wrote:
> No, simply for the reference you've put in the manifest to be valid,
> e.g.:
> <Reference URI="foo.xml#b">
>
> Without putting the `id="b"` in the EncryptedData I think this reference
> won't identify this element.

But you aren't signing the encrypted data, but its decrypted form. So
having it have the same ID might be nice, but I don't think it's required
(from a philosophical point of view). It might help you stage your
processing, but those things will have to be decrypted first anyway, by
the Decryption Transform.

> For this I still think that we
> must either use DigestValue in the EncryptedData, and a transform to
> sign only the DigestValue, or a transform to remove the entire
> EncryptedData and sign it only via Manifest as you suggested.

Ok, I'll put the question to the list.
Received on Wednesday, 26 September 2001 19:25:44 UTC