- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Wed, 17 Nov 1999 16:25:48 -0500
- To: "Jim Schaad (Exchange)" <jimsch@Exchange.Microsoft.com>
- Cc: DSig Group <w3c-ietf-xmldsig@w3.org>
At 13:12 99/11/17 -0800, Jim Schaad (Exchange) wrote: >3. The current wording of the document says: > > 1. locate object and apply Transforms to the specified resource > based on each ObjectReference(s) in the SignedInfo element. Each > transform is applied in order from left to right to the object > with the output of each transform being the input to the next. > >This does not imply in my mind that the location is the only place that the >object can come from. It merely says find the bytes for the object. Jim, I had read this differently (and as I said I didn't like the result of the way I read it). But reading it as you do (which I think is probably the right way on hindsight) I'd agree that the current syntax is sufficient. In the next version of the specification we should be clearer that it is not necessary that the URL be dereferenced from the network for the resource to validate only that some content when transformed (and perhaps that content was pulled from a cache) yields the digest value. _________________________________________________________ Joseph Reagle Jr. Policy Analyst mailto:reagle@w3.org XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Wednesday, 17 November 1999 16:26:23 UTC