- From: Greg Whitehead <gwhitehead@signio.com>
- Date: Wed, 24 Nov 1999 11:23:45 -0800
- To: "'Chris Smithies'" <Chris_Smithies@penop.com>, rhimes@nmcourt.fed.us
- Cc: w3c-ietf-xmldsig@w3.org
> Yes: it seems simple to me. Have a Location which the core > can use to fetch the document for verification; but don't > include the Location in SignedInfo, otherwise moving the > document breaks the signature (at least, as far as the core > is concerned). We can provide an option for Location to appear outside of SignedInfo, but it must also be possible to include it. Just as there are applications that require document mobility, there are others that require location (which should really be thought of as identity -- the hint argument) to be locked down. -Greg -----Original Message----- From: Chris Smithies [mailto:Chris_Smithies@penop.com] Sent: Wednesday, November 24, 1999 10:47 AM To: rhimes@nmcourt.fed.us Cc: w3c-ietf-xmldsig@w3.org Subject: Re:RE: Locations but not Transforms as hints Yes: it seems simple to me. Have a Location which the core can use to fetch the document for verification; but don't include the Location in SignedInfo, otherwise moving the document breaks the signature (at least, as far as the core is concerned). Then, if the document changes location, simply change the Location field accordingly. Isn't it as simple as that? Why, when no other kind of electronic signature is invalidated by changing the document's location, should XML signatures be any different? I can't see why. Perhaps some kind and patient person could explain to me what I am missing here.
Received on Wednesday, 24 November 1999 14:23:50 UTC