- From: Martin J. Duerst <duerst@w3.org>
- Date: Tue, 12 Sep 2000 11:19:54 +0900
- To: "John Boyer" <jboyer@PureEdge.com>, "Jonathan Marsh" <jmarsh@microsoft.com>, <w3c-ietf-xmldsig@w3.org>
- Cc: <w3c-xsl-wg@w3.org>
At 00/09/11 17:03 -0700, John Boyer wrote: ><jonathan> >No, the fact that XPath permits application-dependent behavior means only >that the plenary has forced it (along with all other groups) to accept >application-depedent behavior. ></jonathan> > ><john>Right, and as an application of XPath, we are choosing the behavior >that is most appropriate to our application. No matter how much the plenary >wants to force things on dsig, there is nothing they can do to change the >behavior of a sha-1 hash. We MUST have a single behavior, therefore we MUST ></john> No, if you follow the recommendation of the plenary (which I think you should do), then the right way is to say that relative URI's behaviour is undefined, and that they therefore should not be used for signatures. C14N applications may/should/must issue a warning when they find one of these when the are used to prepare for signing. Regards, Martin.
Received on Monday, 11 September 2000 22:31:02 UTC