- From: John Boyer <jboyer@uwi.com>
- Date: Wed, 17 Nov 1999 16:47:42 -0800
- To: "Jim Schaad (Exchange)" <jimsch@Exchange.Microsoft.com>
- Cc: "DSig Group" <w3c-ietf-xmldsig@w3.org>
Hi Jim,

> <John>
> Are you saying that it's not that important that we sign the actual data
> that a person using a private key actually wanted to sign???
> </John>

Yes and No. I agree that it is important to sign the data, however signing a digest of the data, and thus signing the original data indirectly, is not a problem. If you look at CMS, given that most people include authenticated attributes, you never actually sign the data. You sign the digest of the data and the authenticated attributes.

<John>
Yikes! Validating the digest of a resource is not enough. If the resource changes, the signature should break.
</John>

As my previous mail has stated. Location is a hint for where the document is. It is not the be-all and end-all for locating the document. If the application wants to enforce that this is the only location -- that is fine. If the application wants to say that the data is someplace else -- that is fine. The fact that you update the document at a URL location will not allow you to repudiate the fact that you signed the document. I can cache the document locally and take that copy into court when attempting to enforce your signature.

<John>
It's not a hint right now! How is core behavior, independent of application-specific behavior, going to validate a given signature if it does not know how to dereference a location? It cannot depend on application specific caching mechanisms.
</John>

jim
Received on Wednesday, 17 November 1999 19:48:40 UTC
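
An added example, not part of the original message and not code from any XML-DSig or CMS implementation: a Python sketch of the indirect signing debated above, where the signature covers a digest of the resource and validation outcome depends on how the verifier obtains the bytes for a location. Assumptions: HMAC-SHA256 with a constructed key stands in for the private-key signature, the location is included in the signed bytes, and all function names, URLs and documents are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's private key


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_reference(location: str, data: bytes) -> dict:
    """Sign indirectly: the signature covers (location, digest), never the data itself."""
    signed_info = f"{location}\n{digest(data)}".encode()
    sig = hmac.new(KEY, signed_info, hashlib.sha256).hexdigest()
    return {"location": location, "digest": digest(data), "signature": sig}


def validate(sig: dict, resolve) -> str:
    """resolve(location) -> bytes is how this verifier obtains the referenced data."""
    signed_info = f"{sig['location']}\n{sig['digest']}".encode()
    expected = hmac.new(KEY, signed_info, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig["signature"]):
        return "signature-invalid"      # signed location or digest was altered
    try:
        data = resolve(sig["location"])
    except KeyError:
        return "reference-unresolved"   # verifier has no way to dereference the location
    if not hmac.compare_digest(digest(data), sig["digest"]):
        return "reference-changed"      # bytes obtained no longer match the signed digest
    return "valid"


def demo() -> dict:
    url = "http://example.org/contract.xml"        # constructed location
    original = b"<contract>pay 100</contract>"     # constructed document
    sig = sign_reference(url, original)
    web = {url: b"<contract>pay 1</contract>"}     # resource updated after signing
    cache = {url: original}                        # verifier's locally cached copy
    moved = dict(sig, location="http://example.org/other.xml")
    return {
        "dereference_location": validate(sig, web.__getitem__),
        "cached_copy": validate(sig, cache.__getitem__),
        "no_resolver": validate(sig, {}.__getitem__),
        "location_rewritten": validate(moved, cache.__getitem__),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The same signature yields different results depending only on the resolver passed to `validate`, which is the point of disagreement in the thread.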