- From: Gregor Karlinger <Gregor.Karlinger@iaik.at>
- Date: Tue, 11 Jan 2000 16:48:24 +0100
- To: John Boyer <jboyer@uwi.com>
- CC: DSig Group <w3c-ietf-xmldsig@w3.org>
- Message-ID: <387B50C8.5C3407E6@iaik.at>
John Boyer wrote: ... > Presumably, there is great emphasis on the word 'may'. The word should be > MUST, and the paragraph in Section 7.1 should be removed. Otherwise, you > should take the transforms out since they are useless. 6.2.2 should read: > > 6.2.2 Reference Validation > For each object reference in SignedInfo, obtain digested content (this MUST > be obtained by locating object and applying Transforms to the specified > resource based on each Reference(s) in the SignedInfo element. Each > transform is applied in order from left to right to the object with the > output of each transform being the input to the next.). I disagree with that. Please remember the discussion a few weeks ago concerning "location as a hint". The result of that discussion can be found for instance in the following paragraph of section 2.3 of [1]: "This identification, along with the transforms, are a description provided by the signer on how to obtain the signed resource in the form it was digested (i.e. the digested content). The verifier (i.e., relying party) may obtain the digested content in another method so long as the digest verifies. In particular, the verifier may obtain the content from a different location (particularly a local store) other than that specified in the URI/IDREF." [1] http://www.w3.org/TR/2000/WD-xmldsig-core-20000104/ -- --------------------------------------------------------------- Gregor Karlinger mailto://gregor.karlinger@iaik.at Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------
Received on Tuesday, 11 January 2000 10:49:22 UTC