- From: helpcrypto helpcrypto <helpcrypto@gmail.com>
- Date: Tue, 29 Jul 2014 09:30:01 +0200
- To: public-xmlsec-comments@w3.org
- Message-ID: <CAHMQSgsoLcL4LsaAwVctu5WAuzc7ps_CsBOv8Hgi=V_pZ2tJrw@mail.gmail.com>
Hi.

Although XMLDSig [1] is quite old, stable and well-known, I haven't been able to understand (maybe a translation/misunderstanding issue) the detached signatures properly.

According to [2]:

"*The signature is over content external to the Signature element, and can be identified via a URI or transform. Consequently, the signature is "detached" from the content it signs.*"

OK. Detached elements...

"*This definition typically applies to separate data objects, but it also includes the instance where the Signature and data object reside within the same XML document but are sibling elements.*"

OK. Signature and object in the same XML doc and siblings.

As stated in [3] (it seems the standard doesn't distinguish between internal/external): "the signature and data can be in separate files or in the same XML file as sibling elements"

Shall I understand the "internally detached" *unique valid signature* is where signature and data are brothers (or sisters) [have the same parent]?

*Is the following example a valid detached signature?*

    <root>
      <my-data>
        <node Id="n"></node>
      </my-data>
      <my-sign>
        <signature ref="n"></signature>
      </my-sign>
    </root>

Thanks a lot for your help

Regards

[1] http://www.w3.org/TR/xmldsig-core/
[2] http://www.w3.org/TR/xmldsig-core/#def-SignatureDetached
[3] http://msdn.microsoft.com/en-us/library/ms759193%28v=vs.85%29.aspx
Received on Tuesday, 29 July 2014 07:32:42 UTC
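Added example, not part of the original message or of any XMLDSig library: a small classifier that applies the definition quoted from [2] ("content external to the Signature element") to each `ds:Reference` by checking where its target sits relative to the `ds:Signature`. The sample document is constructed and is only a skeleton (no digests or signature value); treating every attribute named `Id` as an ID attribute is an assumption.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def contains(ancestor, node):
    """True if node is ancestor itself or one of its descendants."""
    return any(el is node for el in ancestor.iter())

def classify_references(xml_text):
    """Map each ds:Reference URI to enveloped / enveloping / detached."""
    root = ET.fromstring(xml_text)
    # Assumption: every attribute literally named "Id" is an ID attribute.
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    result = {}
    for sig in root.iter(DS + "Signature"):
        for ref in sig.iter(DS + "Reference"):
            uri = ref.get("URI")
            if uri is None:
                kind = "application-defined"  # target known only to the application
            elif uri == "":
                kind = "enveloped"    # whole document, which holds the Signature
            elif not uri.startswith("#"):
                kind = "detached"     # external resource
            elif uri[1:] not in by_id:
                kind = "unresolved"   # no element carries that Id
            elif contains(by_id[uri[1:]], sig):
                kind = "enveloped"    # Signature sits inside the signed element
            elif contains(sig, by_id[uri[1:]]):
                kind = "enveloping"   # signed element sits inside the Signature
            else:
                kind = "detached"     # same document, outside the Signature
            result[uri] = kind
    return result

# Constructed sample: same layout as the question, written with ds: elements.
SAMPLE = """<root xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <my-data><node Id="n"/></my-data>
  <my-sign>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:Reference URI="#n"/>
        <ds:Reference URI="#obj"/>
        <ds:Reference URI="http://example.com/file.bin"/>
      </ds:SignedInfo>
      <ds:Object Id="obj">payload</ds:Object>
    </ds:Signature>
  </my-sign>
</root>"""

if __name__ == "__main__":
    print(classify_references(SAMPLE))
```
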