- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 19 Nov 1999 08:25:56 -0500
- To: david.solo@citicorp.com
- Cc: jboyer@uwi.com, w3c-ietf-xmldsig@w3.org

At 08:46 99/11/19 -0500, david.solo@citicorp.com wrote:
>The only assertion made by the signature is that that exact collection of
>bytes, paragraph X, was signed. The fact that paragraph X was extracted from
>document Y is in no way cryptographically assured by the XML signature unless I
>include object references both to paragraph X and to document Y (and perform
>additional external validation).

I believe there are two other "orthogonal" assertions:

1. There is a set of documents that when processed via the specified chain of transforms will yield DigestContent.
2. At some point in time, the document obtained by dereferencing the URI was a member of that set.

One does not need to "confirm" either of these assertions to have a valid signature.

_________________________________________________________
Joseph Reagle Jr.
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Friday, 19 November 1999 09:26:14 UTC
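
The point discussed in this message, as an added example that is not part of the original thread: a reference digest is computed over the output of the transform chain, so every document that yields the same bytes validates equally. The sample documents, the two-step chain (select by id, then canonicalize with the standard library's C14N 2.0), SHA-256, and all function names are assumptions made for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample documents (not from the thread). Y and Y2 are different
# documents that both contain the same paragraph X; in Y3 X has been altered.
DOC_Y = ('<contract><para id="X">Pay 100 USD to Bob.</para>'
         '<para id="Z">Valid only during 1999.</para></contract>')
DOC_Y2 = ('<memo><note>Draft, not binding.</note>'
          '<para id="X">Pay 100 USD to Bob.</para></memo>')
DOC_Y3 = DOC_Y.replace("100 USD", "900 USD")

def select_by_id(xml_text, element_id):
    """Transform 1 (hypothetical): extract the element with the given id."""
    for el in ET.fromstring(xml_text).iter():
        if el.get("id") == element_id:
            el.tail = None  # drop text that follows the element in its parent
            return ET.tostring(el, encoding="unicode")
    raise LookupError(f"no element with id={element_id!r}")

def canonicalize(xml_text):
    """Transform 2: canonical form (C14N 2.0 from the standard library)."""
    return ET.canonicalize(xml_data=xml_text)

# Assumed transform chain for the reference: select paragraph X, canonicalize.
CHAIN = [lambda doc: select_by_id(doc, "X"), canonicalize]

def digest_content(xml_text, transforms):
    """Run the chain and digest the bytes it yields (SHA-256 is an assumption)."""
    data = xml_text
    for transform in transforms:
        data = transform(data)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def reference_validates(xml_text, transforms, signed_digest):
    """What a verifier checks for one reference: transformed bytes match."""
    return digest_content(xml_text, transforms) == signed_digest

# The signer dereferenced the URI, obtained Y, and signed this digest.
SIGNED_DIGEST = digest_content(DOC_Y, CHAIN)

if __name__ == "__main__":
    for name, doc in (("Y", DOC_Y), ("Y2", DOC_Y2), ("Y3", DOC_Y3)):
        print(name, reference_validates(doc, CHAIN, SIGNED_DIGEST))
```

Y and Y2 both validate because they belong to the same set of documents that yield DigestContent; only a change to paragraph X itself (Y3) is detected. A relying party that needs to know X came from Y has to verify a separate reference covering Y.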