- From: Peter Lipp <Peter.Lipp@iaik.at>
- Date: Tue, 16 Nov 1999 23:16:30 +0100
- To: "John Boyer" <jboyer@uwi.com>, "Greg Whitehead" <gwhitehead@signio.com>, "DSig Group" <w3c-ietf-xmldsig@w3.org>
Received on Tuesday, 16 November 1999 17:16:18 UTC
> This is quite problematic. Our core processing rules state that we verify > SignedInfo, then we verify the digest values of the ObjectReferences. HOW > IS CORE BEHAVIOR GOING TO DO THIS IF CORE BEHAVIOR DOESN'T KNOW HOW TO > RETRIEVE THE DATA? I am still wondering if this is a typical case. How often do you find a signature somewhere on the floor where you then need to get the data you want to verify? Most of the time you will get the signature with the data anyway. Somtimes you will have the data and look for a signature. And then, any name is sufficient, need not be a location in the first place. Peter
Received on Tuesday, 16 November 1999 17:16:18 UTC