W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 1999

Re: Requirements questions

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 18 Jun 1999 11:31:59 -0400
Message-Id: <>
To: "Bugbee, Larry" <Larry.Bugbee@PSS.Boeing.com>
Cc: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
At 12:03 PM 6/16/99 -0700, Bugbee, Larry wrote:
 >  1. If person A signs a portion of a document and it is 
 >     altered and signed by B, will you be able to later 
 >     know what A signed?  

If their alteration causes a change in the byte value of the canonical XML,
they will invalidate A's signature. There are two options, they retain A's
content/signature and modify/sign a variant copy, and pass both on. Or they
keep A's copy, and represent the diffs using something like XSL. For
instance, if you created a document and signed it, and I wanted to tweak it
or annotate it, perhaps I could do this using a chunk of XSL or XML/XPtr
annotations which I can then sign. I'm hoping some of the application
developers in the group would have more thoughts on this.

We specify no requirements on any of this presently, though I'm open to

 >  2. Are there plans to incorporate timestamps stronger 
 >     than a simple ASCII date/time?  (3rd party notaries)

My opinion is that sophisticated time stamps are trust-decision semantics
that should be layered atop the signature validity work. I'll try to reflect
this in the RD.

 >  3. Does this activity plan to address the encryption of 
 >     selected XML content?  Should it?  Or should there
 >     be an explicit statement that confidentiality is not 
 >     being addressed?
Good thing to state regardless, not sure how everyone feels. Presently, we
are not addressing confidentiality though Brown asserts it is easily
achievable with the elements in his proposal.
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/
Received on Friday, 18 June 1999 11:32:06 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:09:55 UTC