- From: Petteri Stenius <Petteri.Stenius@remtec.fi>
- Date: Wed, 10 May 2000 11:35:26 +0300
- To: "IETF/W3C XML-DSig WG (E-mail)" <w3c-ietf-xmldsig@w3.org>
I have a few comments on the discussion in [1] at the Victoria FTF.
I believe enveloped (aka. embedded) signatures will be a very common
scenario of applying XML signatures, and for this reason it should be simple
to support them in implementations.
XPath transformation is very powerful, but implementing it is awkward and it
may be left out of implementations because it is not mandatory and for
security or other reasons.
The result of the current XPath transform definition is something that (in
my opionion) cannot easilly be produced without actually fully implementing
XPath.
A suggestion:
6.6.5 Signature Exclusion
Identifier:
http://www.w3.org/2000/02/xmldsig#exclude-signature
The transform excludes the ancestor Signature element of the DigestValue
element that is being calculated. The intention is to support enveloped
signatures where the DigestValue calculation would overlap with itself.
[1]
http://www.w3.org/Signature/Minutes/000420-Victoria/Overview.html#Identifier
More references to discussion on this topic:
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JanMar/0274.html
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JanMar/0286.html
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JanMar/0287.html
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JanMar/0296.html
--
Petteri Stenius Petteri.Stenius@remtec.fi
Remtec Systems, Ltd. Office +358-9-5259240
Fax +358-9-52592411
http://www.remtec.fi/ Mobile +358-50-5506161
Received on Wednesday, 10 May 2000 04:35:30 UTC