RE: Manually Signed Digest as an XML signature type from Barb Fox on 2000-06-06 (w3c-ietf-xmldsig@w3.org from April to June 2000)

From: Barb Fox <bfox@Exchange.Microsoft.com>
Date: Mon, 5 Jun 2000 17:13:29 -0700
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: <tgindin@us.ibm.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <96BABA22ECEAEA45B53D08D63E1B567826F162@DF-SPIKE.platinum.corp.microsoft.com>

Joseph:

Your definition of KeyInfo is information related to the generation of
the signature. 
Mine is that KeyInfo is information required by the verifier of a
signature.  There are several forms, like KeyName, that illustrate that
it's not intended to be used in the generation of a signature. 

Also, in your choice between: 

"A. Non cryptographic electronic signatures should place their
"validating"
information in SignatureProperties, or
B. Non cryptographic electronic signatures can not use XML Signature
syntax
what-so-ever. (Specifying this would be difficult as we would then have
to
enumerate all the algorithms that may be used, or all those that may
not,
and it's difficult to enforce.)"

I believe we should clearly state that compliance with this standard
requires that a cryptographic signature MUST be generated (or verified.)
If the producer of a cryptographically signed XML document wishes to add
an electronic signature, it should be included as a SignatureProperty.  

--Barb

Received on Monday, 5 June 2000 20:29:43 UTC