- From: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
- Date: Tue, 05 Oct 1999 10:59:08 +0200
- To: XML-DSig mailing list <w3c-ietf-xmldsig@w3.org>
> 8.2 Signature Validation > 2.calculate digest over all transformed signed > object(s) based on the algorithm in Object reference(s). > If the object is contained within the Object > element, only the object itself is hashed (i.e. the <Object> > and </Object > tags are excluded). > 3.compare value against digest value in SignedInfo > (if mismatch, validation fails). Is it consensus now that checking the digest is core signature behaviour? If yes, why? There seemed to be reasons for allowing dsig applications to check signatures without checking integrity of the Objects - e.g. a scenario where a trusted third party can wittness the validity of signatures without knowing the signed content. AUS -------------------------------------------------------------------- Dr. Andreas U. Schmidt, Dept. SIT | mailto:aschmidt@darmstadt.gmd.de GMD German National Research | phone :+49-6151-869-712 Center for Information Technology | fax :+49-6151-869-704 --------------------------------------------------------------------
Received on Tuesday, 5 October 1999 04:59:16 UTC