- From: Marc Branchaud <marcnarc@xcert.com>
- Date: Wed, 17 Nov 1999 17:20:17 -0800
- To: w3c-ietf-xmldsig@w3.org
This is what I was getting at when I said I wasn't sure how it could be done. But these questions you raise aren't solved by a list of transforms, signed or not. You basically never know if something is in the correct form until you try to use it.

In some ways, it's a bit strange to have an XML signature library deal with all these transformation issues. After all, the signed content itself wasn't transformed by any application of an XML signature [*]. Rather, the content got mutated by some other agent after a signature was created. The best a signature-verifying library can do is tell its application that it needs the signed-form of the content, and hope that the app knows how to get it. At least an application has more context to play with than a library.

Making the library faithfully apply a list of transformations isn't going to solve this issue.

[*] I suppose I should be clear here that I'm talking about transforms in Mark Bartel's second sense (i.e. "To assist in retrieving the document in the appropriate form"), not some use of XSLT/XPath to pick out parts of an XML document for signing. I think Mark's distinction is a good one.

Marc

> "Jim Schaad (Exchange)" wrote:
>
> I don't like this because I can't possibly know how to implement it.
>
> How does a program know if something is of the correct form? How do I know
> what transformations have or have not been applied to the object since the
> last time I dereferenced it. (For example that document on the web site
> was base64 encoded and now is not.)
>
> jim

Received on Wednesday, 17 November 1999 19:10:13 UTC