- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Thu, 28 Oct 1999 21:38:49 -0400
- To: David Burdett <david.burdett@commerceone.com>
- cc: IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>
You have to duplicate the <Signature> element but you can make it smaller by having only one ObjectReference in SignedInfo and having it point to an Object with a Manifest in that, which in turn points to all the things you actually want to secure. This Object would not be duplicated. It would probably be outside all the <Signature>s although I guess it could be inside one of them if you wanted.

Donald

From: David Burdett <david.burdett@commerceone.com>
To: "'Jim Schaad (Exchange)'" <jimsch@EXCHANGE.MICROSOFT.com>, "'Joseph M. Reagle Jr.'" <reagle@w3.org>, David Solo <david.solo@citicorp.com>
Cc: IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>
Date: Thu, 28 Oct 1999 17:48:05 -0700

>A question ...
>
>What would be the best way to handle the situation where someone wanted to sign **exactly the same** data, but using different certificates and/or signature algorithms? It seems to me that the "Objects" and the "ObjectReferences" would be identical and in the current specification would have to be duplicated.
>
>Thoughts
>
>David Burdett
>
>-----Original Message-----
>From: Jim Schaad (Exchange) [mailto:jimsch@EXCHANGE.MICROSOFT.com]
>Sent: Thursday, October 28, 1999 5:49 PM
>To: 'Joseph M. Reagle Jr.'; David Solo
>Cc: IETF/W3C XML-DSig WG
>Subject: RE: Easy to have multiple signatures?
>
>You are precisely correct -- the second person must duplicate the signedinfo block and create their own signature. If the second person wanted to also sign in the first signature (a very common case) they would add a new ObjectReference to their own signature block.
>
>jim
>
>> -----Original Message-----
>> From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
>> Sent: Thursday, October 28, 1999 5:19 PM
>> To: David Solo
>> Cc: IETF/W3C XML-DSig WG
>> Subject: Easy to have multiple signatures?
>>
>> I was trying to represent the present spec [1] as clearly as possible in terms of modelling [2] what we are trying to specify and hit a question based on the following:
>>
>> <Signature>
>>   (SignedInfo)
>>   (SignatureValue)
>>   (KeyInfo)?
>>   (Object)*
>> </Signature>
>>
>> Given you can only have one SignatureValue in a Signature, then all elements within KeyInfo (perhaps a KeyName and a KeyValue) are related by identity, or they are all supposed to be about the same key basically.
>>
>> If you want more than one signature (I and Don signed it), you have to construct a whole new signature block, right? Or is it possible to hang more than one (KeyInfo, SigValue) pair off the same SignedInfo via a reference to it?
>>
>> [1] http://www.w3.org/TR/1999/WD-xmldsig-core-19991022.html
>> [2] http://www.w3.org/Signature/Drafts/xmldsig-datamodel-19991025.gif
>>
>> _________________________________________________________
>> Joseph Reagle Jr.
>> Policy Analyst           mailto:reagle@w3.org
>> XML-Signature Co-Chair   http://w3.org/People/Reagle/
Received on Thursday, 28 October 1999 21:39:05 UTC
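
The layout described in the reply above, sketched as an added example that is not part of the original thread or of the draft specification: one shared Object holding a Manifest, and two small Signature elements that each carry a single ObjectReference to it. The `Id` and `URI` attributes, the `DigestValue` child, the sample data and the key names are assumptions made for the illustration, and HMAC with two different keys and hash functions stands in for the two signers' certificates and signature algorithms.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Constructed sample items the Manifest points at (URI -> content).
DATA = {"urn:example:order": b"<Order id='1'/>",
        "urn:example:invoice": b"<Invoice id='7'/>"}

def digest(raw):
    return base64.b64encode(hashlib.sha256(raw).digest()).decode()

def c14n(elem):
    # Canonical XML, so signer and verifier hash identical bytes.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def build_manifest(data):
    """The one shared Object: a Manifest with a digest per secured item."""
    obj = ET.Element("Object", Id="shared-manifest")  # Id/URI: assumed names
    manifest = ET.SubElement(obj, "Manifest")
    for uri, content in data.items():
        ref = ET.SubElement(manifest, "ObjectReference", URI=uri)
        ET.SubElement(ref, "DigestValue").text = digest(content)
    return obj

def sign(obj, key_name, key, alg):
    """A small Signature whose SignedInfo has a single ObjectReference."""
    sig = ET.Element("Signature")
    info = ET.SubElement(sig, "SignedInfo")
    ref = ET.SubElement(info, "ObjectReference", URI="#" + obj.get("Id"))
    ET.SubElement(ref, "DigestValue").text = digest(c14n(obj))
    mac = hmac.new(key, c14n(info), alg).digest()  # stand-in for a real signature
    ET.SubElement(sig, "SignatureValue").text = base64.b64encode(mac).decode()
    ET.SubElement(ET.SubElement(sig, "KeyInfo"), "KeyName").text = key_name
    return sig

def verify(sig, obj, data, key, alg):
    info = sig.find("SignedInfo")
    mac = base64.b64encode(hmac.new(key, c14n(info), alg).digest()).decode()
    if not hmac.compare_digest(mac, sig.findtext("SignatureValue")):
        return False  # SignedInfo altered or wrong key/algorithm
    if info.findtext("ObjectReference/DigestValue") != digest(c14n(obj)):
        return False  # shared Manifest Object altered
    # Finally check each Manifest entry against the item it names.
    return all(r.get("URI") in data and
               r.findtext("DigestValue") == digest(data[r.get("URI")])
               for r in obj.iter("ObjectReference"))

manifest_obj = build_manifest(DATA)
sig_a = sign(manifest_obj, "signer-a", b"key-a", "sha256")
sig_b = sign(manifest_obj, "signer-b", b"key-b", "sha512")
```

Because each SignedInfo covers only the digest of the shared Object, a verifier has to check the Manifest entries against the data as a separate step, which `verify` does last.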