- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 24 Aug 1999 16:32:07 -0400
- To: David Solo <david.solo@citicorp.com>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
David, an attempt at a characterization of our discursion re [1]
1. We want simple processing rules, and you fear based on feedback that one
c14n for the signature and another for inline content within that signature
will lead to complexity or double c14n'ation.
2. In your new proposal, the indirection of the reference pointing to the
object ID which exists outside of <signedInfo> means that fear of point 1 is
mitigated. No chance of double c14n since they are not nested.
3. I'm not convinced that playing with the syntax (making this distinction)
in this way and specifying processing behavior over that distinction is any
easier (or harder) than simply saying the signature c14n should not touch
the nested content of <inline> (or <object>) IF we decide to nest it inside.
We MAY wish to nest it inside for data model reasons, but then again, it
might not be a biggie, the model is very flexible. The goal isn't to
constrain, but to unambiguously specify relationships. (In my picture [2], I
think we would just remove the object relationship from signature->{object,
package, manifest}.
[1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/1999JulSep/0213.html
[2] http://www.w3.org/Signature/Drafts/xml-dsig-datamodel-990823.html
_________________________________________________________
Joseph Reagle Jr.
Policy Analyst mailto:reagle@w3.org
XML-Signature Co-Chair http://w3.org/People/Reagle/
Received on Tuesday, 24 August 1999 16:32:17 UTC