- From: <david.solo@citicorp.com>
- Date: Wed, 17 Nov 1999 17:15:37 -0500
- TO: marcnarc@xcert.com, w3c-ietf-xmldsig@w3.org
- Message-Id: <H0000cc404c04a79@MHS>
I think this is sort of what I had in mind when I suggested the definition of (at least some of) the transforms should be "make it x" vs. "do x". Thus the statement is I signed a canonicalized, decoded instance of this object. If you've got one, digest it, if not, you need to perform the corresponding transforms. This would be in contrast to the interpretation of "you must obtain a version and apply each specified transform". Dave > -----Original Message----- > From: marcnarc [mailto:marcnarc@xcert.com] > Sent: Wednesday, November 17, 1999 5:47 PM > To: w3c-ietf-xmldsig > Cc: marcnarc > Subject: Re: Omitting Location and Transforms from SignedInfo > > > > I find your arguments persuasive, so I'm reversing my > position on signed > transforms. > > In your reply to Mack Hicks, you state that "the signature > should be applied > to a format of the document as close as possible to the presentation > format." I like this idea, and I'm starting to think that > maybe transforms > have been trying to do things backwards (or maybe it's just > my reading of > them that is backwards). > > Instead of saying "do A, B and C to this document before verifying the > signature" perhaps transforms should just indicate the "base > format" that the > document was in when it was signed. > > Admittedly, I'm not exactly sure how this could be done (MIME types, > maybe?). But it seems to me that the problem with transforms > is that the > signer has to make assumptions about how the verifier will > obtain the signed > content. Things might be easier if the signer could just > state what format > the content was in when it was signed. > > Marc > >
Received on Wednesday, 17 November 1999 17:16:23 UTC