AW: Enveloped signatures and XPath

Plonk - plonk - plonk

(....peter is trying hard to keep that discussion from popping up every once
in a while....... and fails....)

> Exclusion by id is bad because you identify an element whose content WILL
> NOT BE in the message digest, so if the identified element's content, tag,
> attributes, etc. are changed, then the message digest will not break.

Said in a generic way like you did just now, this is plain wrong.

You said - simplified - it is bad to exclude X because it is not included.

Then - don't exclude it.

And if you need to control X - like you do in your application - put it into
your application logic and don't lay the burden on a generic signature
system.

Peter

Received on Tuesday, 28 March 2000 05:07:21 UTC
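
The two positions in this exchange, as an added example that is not part of the original message or of any XML-DSig implementation: a digest computed with one element excluded by Id does not change when that element is edited, and a separate application-level check is what constrains it. The document, the Id values, the function names and the allow-list are constructed for illustration, and removing the element before canonicalization is a simplified stand-in for an exclusion transform.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample document; element names and Id values are made up.
ORIGINAL = (
    '<Order>'
    '<Item Id="item1">100 widgets</Item>'
    '<Routing Id="route1">warehouse-A</Routing>'
    '</Order>'
)
TAMPERED_EXCLUDED = ORIGINAL.replace("warehouse-A", "warehouse-Z")
TAMPERED_COVERED = ORIGINAL.replace("100 widgets", "900 widgets")


def digest_excluding_id(xml_text, excluded_id):
    """SHA-256 over the canonical document with the element whose Id equals
    excluded_id removed (hypothetical helper, not XML-DSig processing)."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.get("Id") == excluded_id:
                parent.remove(child)
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def verify(xml_text, excluded_id, signed_digest, check_excluded):
    """Digest check, then an application-level check on the excluded element.
    check_excluded is a caller-supplied policy function (assumption)."""
    if digest_excluding_id(xml_text, excluded_id) != signed_digest:
        return False
    root = ET.fromstring(xml_text)
    excluded = [e for e in root.iter() if e.get("Id") == excluded_id]
    # Exactly one excluded element, and it must satisfy the application policy.
    return len(excluded) == 1 and check_excluded(excluded[0])


def routing_allowed(element):
    # Constructed allow-list standing in for the application's own rule.
    return element.text in {"warehouse-A", "warehouse-B"}


if __name__ == "__main__":
    signed = digest_excluding_id(ORIGINAL, "route1")
    for name, doc in [("original", ORIGINAL),
                      ("excluded element edited", TAMPERED_EXCLUDED),
                      ("covered element edited", TAMPERED_COVERED)]:
        same = digest_excluding_id(doc, "route1") == signed
        print(name, "| digest matches:", same,
              "| verify:", verify(doc, "route1", signed, routing_allowed))
```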