RE: Signature definitions

It should also be noted that, according to the current spec [1], a signature
can be enveloping, enveloped and detached all at the same time.

SignedInfo can have multiple References, some of which refer to enveloping
Object elements in the Signature, some of which refer to elements outside of
the signature and possibly in other documents (detached), and some of which
refer to an ancestor element of the signature (enveloped signature: the
signature is enveloped by the content it signs).

[1] http://www.w3.org/TR/2000/WD-xmldsig-core-20000104/

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
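The point made above, that one Signature can be enveloping, enveloped and detached at once (and, as agreed later in the thread, that a same-document sibling still counts as detached), as an added Python example that is not part of this thread. The sample document, the `Id` attribute and the xmldsig namespace are assumptions taken from the later Recommendation:

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): one Signature whose SignedInfo
# carries four References, one for each case discussed above. The namespace
# and the Id attribute follow the later XML-Signature REC (an assumption).
DOC = """<Doc Id="whole" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Sibling Id="sib">signed element beside, not around, the Signature</Sibling>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#obj1"/>
      <ds:Reference URI="#whole"/>
      <ds:Reference URI="#sib"/>
      <ds:Reference URI="http://example.com/other.xml"/>
    </ds:SignedInfo>
    <ds:Object Id="obj1">content carried inside the Signature</ds:Object>
  </ds:Signature>
</Doc>"""

def _local(tag):  # strip the {namespace} part so matching ignores prefixes
    return tag.rsplit("}", 1)[-1]

def _contains(parent_of, outer, node):  # outer is node or an ancestor of it
    while node is not None:
        if node is outer:
            return True
        node = parent_of.get(node)
    return False

def classify_references(xml_text):
    """Return [(URI, kind)] for the References of the first Signature found,
    where kind is 'enveloping', 'enveloped', 'detached' or 'unresolved'."""
    root = ET.fromstring(xml_text)
    parent_of = {c: p for p in root.iter() for c in p}
    by_id = {e.get("Id"): e for e in root.iter() if e.get("Id") is not None}
    signature = next(e for e in root.iter() if _local(e.tag) == "Signature")
    signed_info = next(e for e in signature if _local(e.tag) == "SignedInfo")
    result = []
    for ref in (e for e in signed_info if _local(e.tag) == "Reference"):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        if uri == "":
            kind = "enveloped"     # whole document, which contains the Signature
        elif not uri.startswith("#"):
            kind = "detached"      # external resource
        elif target is None:
            kind = "unresolved"    # fragment with no matching Id
        elif _contains(parent_of, signature, target):
            kind = "enveloping"    # target lives inside the Signature (an Object)
        elif _contains(parent_of, target, signature):
            kind = "enveloped"     # target is an ancestor of the Signature
        else:
            kind = "detached"      # same document but a sibling: still detached
        result.append((uri, kind))
    return result
```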


-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org] On Behalf Of Joseph M. Reagle Jr.
Sent: Monday, January 10, 2000 1:32 PM
To: John Boyer
Cc: DSig Group
Subject: Re: Signature definitions


At 09:45 00/01/10 -0800, John Boyer wrote:
 >These comments are based on the text in [1].
 >
 >[1] http://www.w3.org/TR/2000/WD-xmldsig-core-20000104/
 >
 >The definition for Enveloping Signature seems too constraining.  Current
 >definition:
 ...
 >SIGNATURE, ENVELOPING: The signature is over content found within the
 >signature itself in an Object element. The Object is typically identified by
 >IDREF (though a transform could be used), and the enveloping Signature
 >element is typically used to provide the root document element.

I agree with your point here.

 >The definition of detached signature also seems too constraining.  Current
 >definition:
 >
 >The signature is over external content identified via a URI. Consequently,
 >the signature is "detached" from the content it signs.

Ok, when I wrote these I was thinking if you used a URI to some other
resource, it was obviously a detached signature, if it was in the same
document it was either enveloped or enveloping:

<enveloped>
  <signature/>
</enveloped>

<signature>
  <object>
      <enveloping/>
  </object>
</signature>

You are speaking of the case of

<some element>
   <signature/>
   <signedobject/>
</some element>

Even though they are in the same document, I think I agree that the best
match (instead of creating a new name for it) would be to call it a detached
signature -- even though they appear in the same document.

 >SIGNATURE, DETACHED: The signature is over content external to the Signature
 >element, which can be identified via a URI, IDREF, or transform.
 >Consequently, the signature is "detached" from the content it signs.


_________________________________________________________
Joseph Reagle Jr.
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Monday, 10 January 2000 18:52:22 UTC