draft-ietf-xmldsig-core-04 question

I don't understand the following statements from sections 4.2 and 4.4.  Section 4.2 states:

"The ability to define a SignatureMethod and SignatureValue pair which includes multiple distinct signatures is explicitly permitted (e.g."rsawithsha-1 and ecdsawithsha-1")."

Since the schema and DTD indicate that there must be one SignatureMethod and one SignatureValue how does this work?  Section 4.3.2 also mentions "multiple, distinct signature values" but provides no clarification as to how this is done using the defined structures.  

Section 4.4 states:

"KeyInfo is an optional element which enables the recipient(s) to obtain the key(s) needed to validate the signature. If omitted, the recipient is expected to be able to identify the key based on application context information. Multiple declarations within KeyInfo refer to the same key."

If multiple references must refer to the same key then "key(s)" should be changed to "key".  This conflicts with the use of multiple signature values.

Also, there are a few references that need to be updated:

    - sections 4.3.1, 4.3.2 and 4.3.3.2 refer to Section 5.1 where they should refer to 6.1
    - section 4.3.3.1 refers to Section 5-6 where it should refer to 6.6


Carl Wallace   
CygnaCom Solutions

Received on Monday, 21 February 2000 08:36:18 UTC