RE: Easy to have multiple signatures? from David Burdett on 1999-10-29 (w3c-ietf-xmldsig@w3.org from October to December 1999)

From: David Burdett <david.burdett@commerceone.com>
Date: Thu, 28 Oct 1999 17:48:05 -0700
To: "'Jim Schaad (Exchange)'" <jimsch@EXCHANGE.MICROSOFT.com>, "'Joseph M. Reagle Jr.'" <reagle@w3.org>, David Solo <david.solo@citicorp.com>
Cc: IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>
Message-ID: <123B7EB05559D311B0D900A0C9EA3D7604F47D@NEPTUNE>

A question ...
 
What would be the best way to handle the situation where someone wanted to
sign **exactly the same** data, but using different certificates and/or
signature algorithms? It seems to me that the "Objects" and the
"ObjectReferences" would be identical and in the current specification would
have to be duplicated.
 
Thoughts
 
David Burdett

-----Original Message-----
From: Jim Schaad (Exchange) [mailto:jimsch@EXCHANGE.MICROSOFT.com]
Sent: Thursday, October 28, 1999 5:49 PM
To: 'Joseph M. Reagle Jr.'; David Solo
Cc: IETF/W3C XML-DSig WG
Subject: RE: Easy to have multiple signatures?



You are precisely correct -- the second person must duplicate the signedinfo
block and create their own signature.  If the second person wanted to also
sign in the first signature (a very common case) they would add a new
ObjectReference to their own signature block.

jim 


> -----Original Message----- 
> From: Joseph M. Reagle Jr. [ mailto:reagle@w3.org <mailto:reagle@w3.org> ]

> Sent: Thursday, October 28, 1999 5:19 PM 
> To: David Solo 
> Cc: IETF/W3C XML-DSig WG 
> Subject: Easy to have multiple signatures? 
> 
> 
> I was trying to represent the present spec [1] as clearly as 
> possible in 
> terms of modelling [2] what we area trying to specify and hit 
> a question 
> based on the following: 
> 
> <Signature> 
>   (SignedInfo) 
>   (SignatureValue) 
>   (KeyInfo)? 
>   (Object)* 
> </Signature> 
> 
> Given you can only have one SignatureValue in a Signature, 
> than all elements 
> within KeyInfo (perhaps a KeyName and a KeyValue) are related 
> by identity, 
> or they are all supposed to be about the same key basically. 
> 
> If you want more than one signature (I and Don signed it), you have to 
> construct a whole new signature block, right? Or is it 
> possible to hang more 
> than one (KeyInfo, SigValue) pair off the same SignedInfo via 
> a reference to 
> it? 
> 
> 
> [1] http://www.w3.org/TR/1999/WD-xmldsig-core-19991022.html
<http://www.w3.org/TR/1999/WD-xmldsig-core-19991022.html>  
> [2] http://www.w3.org/Signature/Drafts/xmldsig-datamodel-19991025.gif
<http://www.w3.org/Signature/Drafts/xmldsig-datamodel-19991025.gif>  
> 
> _________________________________________________________ 
> Joseph Reagle Jr.   
> Policy Analyst           mailto:reagle@w3.org <mailto:reagle@w3.org>  
> XML-Signature Co-Chair   http://w3.org/People/Reagle/
<http://w3.org/People/Reagle/>  
>

Received on Thursday, 28 October 1999 20:54:44 UTC