Widget DigSign: Example of a distributor signature document is buggy from Breitschwerdt, Christian, VF-Group on 2009-10-06 (public-webapps@w3.org from October to December 2009)

From: Breitschwerdt, Christian, VF-Group <christian.breitschwerdt@vodafone.com>
Date: Tue, 6 Oct 2009 15:44:02 +0200
To: <public-Webapps@w3.org>, "Marcos Caceres" <marcosc@opera.com>
Cc: "Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>
Message-ID: <B9F8A14E834C6649877F07B831EE611105470A1B@EITO-MBX02.internal.vodafone.com>

Hi Marcos,

The position of the <object> element in the example provided in
http://www.w3.org/TR/widgets-digsig/ section 1.4 is not correct in that
the <object> occurs before the <SignatureValue>. 

The DTD provided fo the XMLDIG11
http://www.w3.org/TR/2009/WD-xmldsig-core1-20090226/xmldsig-core-schema.
dtd and also the example
http://www.w3.org/TR/2009/WD-xmldsig-core1-20090226/signature-example.xm
l instruct us that it should occur AFTER the <SignatureValue>. 

The major problem with the example is that even it is non-normative it
may be used by implementors as a template, and some existing XML
security tools  chains (i.e. Apache XML security library) will fail to
process a template that has the <object> in the wrong order. 

Kind regards,
Christian

Received on Tuesday, 6 October 2009 13:44:37 UTC