Re: Proposal for using xmldsig2:Selection with XML Encryption CipherReference (ACTION-805/ISSUE-132) from Cantor, Scott E. on 2011-06-10 (public-xmlsec@w3.org from June 2011)

From: Cantor, Scott E. <cantor.2@osu.edu>
Date: Fri, 10 Jun 2011 17:30:48 +0000
To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, Pratik Datta <pratik.datta@oracle.com>
CC: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <CA17CCA6.CEE9%cantor.2@osu.edu>

On 6/10/11 1:24 PM, "Frederick.Hirsch@nokia.com"
<Frederick.Hirsch@nokia.com> wrote:
>Do others agree with simply ignoring the URI attribute on the
>CipherReference when using the 2.0 transform and not defining a new
>element?

I think it depends what the usual library workflow is. I think we
concluded that any sane implementation of Signature already had to review
the transforms before dereferencing the URI because of all the behaviors
and optimizations they need. If that's true of Encryption, you should be
fine.

-- Scott

Received on Friday, 10 June 2011 17:32:14 UTC