- From: <Frederick.Hirsch@nokia.com>
- Date: Tue, 9 Aug 2011 15:35:18 +0000
- To: <public-xmlsec@w3.org>
- CC: <Frederick.Hirsch@nokia.com>
I have updated XML Signature 2.0 to make the notes regarding RetrievalMethod consistent with 1.1, and to remove the restriction that RetrievalMethod may not have a Transform element child (for consistency with 1.1).

Detailed changes:

(1) Section 3.2 XML Signature 2.0 Conformance

Changed

"Transforms must not be used in RetrievalMethod. dsig11:KeyInfoReference should be used for key referencing in such cases."

to

"RetrievalMethod should not be used; dsig11:KeyInfoReference should be used instead."

(2) Section 7.3 The RetrievalMethod Element

changed

"In XML Signature 2.0, Transforms are not allowed in RetrievalMethod. Use of dsig11:KeyInfoReference is encouraged instead, see section 7.10 The dsig11:KeyInfoReference Element."

to

"Note: The KeyInfoReference element is preferred over use of RetrievalMethod as it avoids use of Transform child elements that introduce security risk and implementation challenges."

(3) Section 7.10 The dsig11:KeyInfoReference Element

changed

"Note: The dsig11:KeyInfoReference element is a desirable alternative to the use of RetrievalMethod when the data being referred to is a KeyInfo element and the use of RetrievalMethod would require one or more Transform child elements, which introduce security risk and implementation challenges, and are precluded when using XML Signature 2.0 signatures."

to

"Note: The KeyInfoReference element is a desirable alternative to the use of RetrievalMethod when the data being referred to is a KeyInfo element and the use of RetrievalMethod would require one or more Transform child elements, which introduce security risk and implementation challenges."

regards, Frederick

Frederick Hirsch
Nokia

This should complete my action from today's meeting, ACTION-823
Received on Tuesday, 9 August 2011 15:36:03 UTC
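
A check that applies the guidance quoted in this message to a document, as an added example that is not part of the original message or of the specification: it lists each ds:RetrievalMethod in a ds:KeyInfo, notes any Transform children, and reports dsig11:KeyInfoReference as the preferred form. The sample document, the function name `audit_keyinfo` and the severity labels are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DSIG11 = "http://www.w3.org/2009/xmldsig11#"
XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116"

# Constructed sample, not taken from the specification or the mailing list.
SAMPLE = f"""<root xmlns:ds="{DS}" xmlns:dsig11="{DSIG11}">
  <ds:KeyInfo Id="k1">
    <ds:RetrievalMethod URI="#keys">
      <ds:Transforms>
        <ds:Transform Algorithm="{XPATH}"/>
      </ds:Transforms>
    </ds:RetrievalMethod>
  </ds:KeyInfo>
  <ds:KeyInfo Id="k2">
    <ds:RetrievalMethod URI="#keys"/>
  </ds:KeyInfo>
  <ds:KeyInfo Id="k3">
    <dsig11:KeyInfoReference URI="#keys"/>
  </ds:KeyInfo>
</root>"""


def audit_keyinfo(xml_text):
    """Return (KeyInfo Id, element, severity, transform algorithms) tuples.

    Severity labels are hypothetical: "high" for RetrievalMethod with
    Transform children, "warn" for RetrievalMethod without them (the 2.0
    conformance text says it should not be used), "ok" for KeyInfoReference.
    """
    # ElementTree is adequate for the constructed input above; untrusted
    # documents call for a parser configured against entity expansion.
    root = ET.fromstring(xml_text)
    findings = []
    for key_info in root.iter(f"{{{DS}}}KeyInfo"):
        kid = key_info.get("Id", "?")
        for rm in key_info.findall(f"{{{DS}}}RetrievalMethod"):
            path = f"{{{DS}}}Transforms/{{{DS}}}Transform"
            algs = [t.get("Algorithm") for t in rm.findall(path)]
            severity = "high" if algs else "warn"
            findings.append((kid, "RetrievalMethod", severity, algs))
        for _ in key_info.findall(f"{{{DSIG11}}}KeyInfoReference"):
            findings.append((kid, "KeyInfoReference", "ok", []))
    return findings


if __name__ == "__main__":
    for finding in audit_keyinfo(SAMPLE):
        print(finding)
```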