Re: SignedInfo Type Attribute

I do not understand what problem you see.  Core signature
verification, in the example you give, would require that the Manifest
be fetched, digested, and this digest checked against the DigestValue in
Reference in SignedInfo.  In that regard it is of no particular
significance that it happens to be a Manifest as opposed to plain data.
However, many applications will want to further verify the digests
inside Manifests, perhaps recursively to many levels.

Donald


From:  Gregor Karlinger <Gregor.Karlinger@iaik.at>
Message-ID:  <385E0E76.4DF32276@iaik.at>
Date:  Mon, 20 Dec 1999 12:09:42 +0100
Organization:  IAIK
To:  "Joseph M. Reagle Jr." <reagle@w3.org>, David Solo <dsolo@alum.mit.edu>,
            Donald Eastlake <dee3@torque.pothole.com>
CC:  ML W3C XML-Signature <w3c-ietf-xmldsig@w3.org>

>I have a question regarding the SignedInfo "Type" attribute:
>
>In the latest draft version (19991217) section 2.3 asserts the
>following:
>
>"The optional Type attribute provides information about the content of
> the resource identified by URI/IDREF. In particular, it can indicate that
> it contains a SignatureProperties, Manifest, or Package element."
>
>If the resource is identified by an IDREF, I think there is no problem.
>
>But what happens if the resource is part of an XML document and is
>identified by means of a URI and an XPath Transform? Is this possible
>at all? If yes, what does the assignment of the "Type" attribute mean
>in that case?
>
>Example:
>
>...
><Signature>
>...
>      <Reference URI="" Type="&dsig;/Manifest">
>        <Transforms>
>          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
>             AnyXPathTransformSelectingAManifestElement
>          </Transform>
>        </Transforms>
>...
></Signature>
>...
>
>Regards, Gregor
>
>-- 
>---------------------------------------------------------------
>Gregor Karlinger
>mailto://gregor.karlinger@iaik.at
>Institute for Applied Information Processing and Communications
>Austria
>---------------------------------------------------------------

Received on Monday, 20 December 1999 09:00:58 UTC
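
The distinction drawn in the reply above, as an added example that is not part of the original messages: core verification checks only the digest of the Manifest itself, while an application that descends into the Manifest also catches a changed resource further down. The in-memory `store`, the element layout, the `MANIFEST` Type value and all function names are assumptions made for illustration; canonicalization, Transforms and the signature value check are left out.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

MANIFEST = "urn:example:dsig/Manifest"  # constructed stand-in for the Type value

def digest(data: bytes) -> str:
    # SHA-1 is used only because it was the digest of the 1999 drafts.
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def check_reference(ref, store) -> bool:
    """Core step: fetch the resource, digest it, compare with DigestValue."""
    data = store.get(ref.get("URI"))
    return data is not None and digest(data) == ref.findtext("DigestValue")

def verify_manifests(ref, store, depth=8) -> dict:
    """Application step: also check the digests inside Manifests, recursively."""
    uri = ref.get("URI")
    results = {uri: check_reference(ref, store)}
    if results[uri] and ref.get("Type") == MANIFEST:
        if depth == 0:
            results[uri] = False  # nesting too deep: fail, do not skip silently
        else:
            for inner in ET.fromstring(store[uri]).findall("Reference"):
                results.update(verify_manifests(inner, store, depth - 1))
    return results

def make_ref(uri, data, type_=None) -> str:
    t = f' Type="{type_}"' if type_ else ""
    return (f'<Reference URI="{uri}"{t}><DigestValue>{digest(data)}'
            f'</DigestValue></Reference>')

def build_sample():
    """Constructed data: m1 lists doc1 and a nested Manifest m2, which lists doc2."""
    store = {"doc1": b"first document", "doc2": b"second document"}
    store["m2"] = ("<Manifest>" + make_ref("doc2", store["doc2"]) + "</Manifest>").encode()
    store["m1"] = ("<Manifest>" + make_ref("doc1", store["doc1"])
                   + make_ref("m2", store["m2"], MANIFEST) + "</Manifest>").encode()
    return ET.fromstring(make_ref("m1", store["m1"], MANIFEST)), store

if __name__ == "__main__":
    top, store = build_sample()
    store["doc2"] = b"tampered"           # change a resource two levels down
    print("core:", check_reference(top, store))
    print("with manifests:", verify_manifests(top, store))
```
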