- From: John Boyer <jboyer@PureEdge.com>
- Date: Tue, 28 Mar 2000 09:18:36 -0800
- To: "Peter Lipp" <Peter.Lipp@iaik.at>
- Cc: "''IETF/W3C XML-DSig WG \(E-mail\) ' '" <w3c-ietf-xmldsig@w3.org>
Sorry Peter, but that's not an accurate paraphrase. It is quite important to be able to exclude certain elements, but that one requires a great deal of precision in identifying what must be excluded to ensure that you are excluding what you meant to exclude. Exclusion by id excludes an element based on the value of a single attribute, and this is not enough in most cases to accurately identify the information to be excluded, and to restrict one's exclusion to only that information. John Boyer Software Development Manager PureEdge Solutions, Inc. (formerly UWI.Com) Creating Binding E-Commerce jboyer@PureEdge.com -----Original Message----- From: w3c-ietf-xmldsig-request@w3.org [mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Peter Lipp Sent: Tuesday, March 28, 2000 2:06 AM To: John Boyer Cc: ''IETF/W3C XML-DSig WG (E-mail) ' ' Subject: AW: Enveloped signatures and XPath Plonk - plonk - plonk (....peter is trying hard to keep that discussion from popping up every once in a while....... and fails....) > Exclusion by id is bad because you identify an element whose content WILL > NOT BE in the message digest, so if the identified element's content, tag, > attributes, etc. are changed, then the message digest will not break. Said in a generic way like you did just now, this is plain wrong. You said - Simplified - it is bad to exclude X because it is not included. Then - don't exclude it. And if you need to control X - like you do in your application - put it into your application logic and don't lay the burden on a generic signature system. Peter
Received on Tuesday, 28 March 2000 12:17:17 UTC