- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 13 Apr 2000 16:28:31 -0400
- To: "John Boyer" <jboyer@PureEdge.com>
- Cc: <Chris_Smithies@penop.com>, "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
At 12:36 00/04/12 -0700, John Boyer wrote: >Actually, I think both Chris and Joseph are right; they are coming from >different points of view that are not irreconcilable. I thought so as well. However, I just re-encountered the text: While the signing application should be very careful about what it signs (it should understand what is in the SignatureProperty) a receiving application has no obligation to understand that semantic (though its parent trust engine may wish to). [1] http://www.w3.org/TR/2000/WD-xmldsig-core-20000228/#sec-o-SignatureProperty The nice thing about my proposal/example is that the signature need not even be aware of the application semantics. Now there really shouldn't be any difference between stuff in the application data, and stuff in SignatureProperty. When I wrote the text above, I wasn't sure about it (I hoped to get comments) and I'm beginning to think that the Signature application need not understand any of the content in SignatureProperty. Not sure though. I think the difference might be that when the application in [2] signs, it is obviously aware of its semantic. As I said in my last email, "In my example, the application and the signer are the same (or at least both are present at time of application XML and signature generation), though I know this isn't always the case." [3] Possible text: - An application should always understand the semantics of its application data, particularly when it makes an assertion (assuredby) and binds it. A Signature application need never understand application data, be it in SignatureProperty or anywhere else. [2] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000AprJun/0040.html [3] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000AprJun/0052.html _________________________________________________________ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Thursday, 13 April 2000 16:28:37 UTC