- From: John Boyer <jboyer@uwi.com>
- Date: Sat, 20 Nov 1999 10:07:25 -0800
- To: "Peter Lipp" <Peter.Lipp@iaik.at>, <w3c-ietf-xmldsig@w3.org>
- Message-ID: <NDBBLAOMJKOFPMBCHJOIOEFFCCAA.jboyer@uwi.com>
> >If Date(signed document) < MMDDYYYY, then > > http://www.CompanyA.com/documentD -> > http://www.CompanyB.com/documentD > >else http://www.CompanyA.com/documentD -> > http://www.CompanyA.com/documentD > If both companies had used from the beginning: > http://www.companyA.com/documentD.MMDDYYYY > the whole problem is nonexistent. If you use the location as a > location, what would it buy you in your example? The signature still > breaks and you still have no solution to solve the problem.... > <John> In the solution I'm proposing, those who expect Location to move would omit Location from the SignedInfo message so that it can be changed without breaking the signature. </John> > >Can you actually write another letter telling me why *this* > >interoperability situation is just a figment of my imagination? > > >Because there does seem to be a relatively easy fix, > > and I can't figure out why this is such a big deal > >(so it would be nice to actually discuss that too). > Still, location as a hint does not hurt here and the only real fix I > see is to properly use URL's. > <John> Yes, one real fix is to use URLs, which is what we're saying should be done. Another real fix would be to completely abandon the idea that core behavior should have anything to do with externally located resources. See the end of http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/1999OctDec/0311.html for a description of how much simpler our task would be if we totally pushed everything to do with resource location off to the application. I like this because at least the application-specific logic requirement has something to do with the needs of the application. John Boyer Software Development Manager UWI.Com -- The Internet Forms Company </John> > Peter >
Received on Saturday, 20 November 1999 13:08:53 UTC