- From: Richard D. Brown <rdbrown@Globeset.com>
- Date: Thu, 2 Dec 1999 19:07:08 -0600
- To: "'Donald E. Eastlake 3rd'" <dee3@torque.pothole.com>, "'Pete Chown'" <Pete.Chown@skygate.co.uk>
- Cc: <w3c-ietf-xmldsig@w3.org>

> >4. I am not sure why the digest values are included in the XML.
> >
> >When verifying the signature you have to recalculate the digest
> >values anyway, so is there any point in including them in the
> >document?
>
> This is an interesting point no one has brought up before. Two
> reasons come to mind immediately:
>
> (1) So you can distinguish between the signature getting corrupted and
> the data getting corrupted or not being properly located or decoded.
>
> (2) In the case of Manifests, with the current syntax, so you can
> validate the hash over the Manifest without having to fetch all the
> data. This is required in many scenarios.
>

This feature is intended for supporting verification of composite documents. Many protocols, such as IOTP, exchange only parts of a signed document. In other words, the signature authenticates a sequence of assertions, each being verifiable independently.

Richard D. Brown

Received on Thursday, 2 December 1999 20:04:44 UTC
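
The two reasons given in the thread and the composite-document case, as an added sketch that is not part of the original messages or of the XML-DSig specification: a verifier that authenticates the digest list first, then reports each part independently as valid, mismatched, or not fetched. Assumptions: an HMAC with a constructed key stands in for the signer's signature, sorted JSON stands in for the canonicalized digest list, SHA-256 is the digest, and the part names and contents are constructed.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: shared HMAC key stands in for the signer's key


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(parts: dict) -> dict:
    """Build a list of per-part digests and sign that list only, not the parts."""
    refs = {name: digest(body) for name, body in parts.items()}
    signed_info = json.dumps(refs, sort_keys=True).encode()
    sig = hmac.new(KEY, signed_info, hashlib.sha256).hexdigest()
    return {"references": refs, "signature": sig}


def verify(doc: dict, available: dict) -> dict:
    """Return a status per reference, using only the parts actually received."""
    signed_info = json.dumps(doc["references"], sort_keys=True).encode()
    expected = hmac.new(KEY, signed_info, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["signature"]):
        # The signature value or the digest list itself was altered.
        return {name: "signature-invalid" for name in doc["references"]}
    status = {}
    for name, ref_digest in doc["references"].items():
        if name not in available:
            status[name] = "not-fetched"  # digest list is still authenticated
        elif hmac.compare_digest(digest(available[name]), ref_digest):
            status[name] = "valid"
        else:
            status[name] = "data-mismatch"  # this part was corrupted or mis-decoded
    return status


# Constructed sample: three parts of a composite document.
PARTS = {"offer": b"<Offer>10 widgets</Offer>",
         "payment": b"<Payment>USD 25.00</Payment>",
         "delivery": b"<Delivery>post</Delivery>"}
DOC = sign_manifest(PARTS)

if __name__ == "__main__":
    # Only two parts were exchanged, and one of them was altered in transit.
    received = {"offer": PARTS["offer"], "payment": b"<Payment>USD 2.50</Payment>"}
    print(verify(DOC, received))
```

Without the digests carried in the signed structure, the verifier would need every part to recompute the signed input and could not tell which part failed.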