- From: John Boyer <jboyer@uwi.com>
- Date: Tue, 5 Oct 1999 09:16:31 -0700
- To: "Andreas Schmidt" <aschmidt@darmstadt.gmd.de>, "XML-DSig mailing list" <w3c-ietf-xmldsig@w3.org>
Is it consensus now that checking the digest is core signature behaviour? If yes, why? There seemed to be reasons for allowing dsig applications to check signatures without checking integrity of the Objects - e.g. a scenario where a trusted third party can wittness the validity of signatures without knowing the signed content. <John> The consensus was to check the digest of the objects indicated by signedobjectref. We perceived 'manifest' as just another object whose digest should be validated by core signature behavior. The manifest idea could then implement the feature you are interested in. Create a 'manifest' element listing the resources and their hashes. A signature would hash the manifest and digitally sign the hash. Verification would validate the integrity of the manifest element. It would then be the app's responsibility to validate or not validate the hashes it contains. The idea is that we need both methods. Obviously you understand the need for the manifest method. However, if we just had a method that validated manifests, then we could not say that core signature behavior was capable of validating the actual data that most people want to sign. John Boyer Software Development Manager UWI.Com -- The Internet Forms Company </John>
Received on Tuesday, 5 October 1999 12:15:52 UTC