- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 05 Oct 2000 19:34:05 -0400
- To: TAMURA Kent <kent@trl.ibm.co.jp>
- Cc: w3c-ietf-xmldsig@w3.org

At 16:32 10/5/2000 +0900, TAMURA Kent wrote:
>I still have strangeness.

Ok, thanks for staying with me on this, but I still feel we're not on the same path.

>In your scenario, signature
>applications can not get correct meaning of a KeyInfo only from
>the KeyInfo itself.

Ok, let me restate the scenario:

Forget about KeyInfo for the time being. In order for applications to do signature validation (3.2.2) it must use the specified SignatureMethod algorithm identifier. Since that is part of SignedInfo, and SignedInfo is potentially altered by CanonicalizeMethod before it is signed, signature validation should see the canonicalized form of the SignatureMethod algorithm identifier.

__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Thursday, 5 October 2000 19:34:14 UTC
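
The validation order argued for in the message above, as an added example that is not part of the original message or of the XML-Signature drafts: the validator canonicalizes SignedInfo first, reads the SignatureMethod identifier out of those canonical octets, and checks the signature value over the same octets. Assumptions: Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) stands in for whatever CanonicalizationMethod names, HMAC-SHA1 is the only accepted method, and the helper names, key, placeholder canonicalization URI and sample SignedInfo (no Reference elements) are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
HMAC_SHA1 = DSIG + "hmac-sha1"
ACCEPTED = {HMAC_SHA1: hashlib.sha1}  # identifiers this validator implements

def canonical_signed_info(signature_xml):
    """Canonical octets of SignedInfo. Stand-in canonicalizer: Python's C14N 2.0."""
    signed_info = ET.fromstring(signature_xml).find(f"{{{DSIG}}}SignedInfo")
    if signed_info is None:
        raise ValueError("Signature has no SignedInfo")
    signed_info.tail = None  # text after the element is not part of SignedInfo
    raw = ET.tostring(signed_info, encoding="unicode")
    return ET.canonicalize(raw).encode("utf-8")

def signature_method(canonical):
    """Read the algorithm identifier from the canonical octets, not the input."""
    node = ET.fromstring(canonical).find(f"{{{DSIG}}}SignatureMethod")
    return None if node is None else node.get("Algorithm")

def verify(signature_xml, key):
    canonical = canonical_signed_info(signature_xml)
    digestmod = ACCEPTED.get(signature_method(canonical))
    if digestmod is None:
        return False  # unknown or missing identifier: reject, no fallback
    value = ET.fromstring(signature_xml).findtext(f"{{{DSIG}}}SignatureValue") or ""
    expected = hmac.new(key, canonical, digestmod).digest()
    return hmac.compare_digest(expected, base64.b64decode(value))

def sign(signed_info_xml, key):
    """Wrap a SignedInfo in a Signature with an HMAC-SHA1 value (sample builder)."""
    doc = f'<Signature xmlns="{DSIG}">{signed_info_xml}<SignatureValue/></Signature>'
    mac = hmac.new(key, canonical_signed_info(doc), hashlib.sha1).digest()
    value = base64.b64encode(mac).decode("ascii")
    return doc.replace("<SignatureValue/>", f"<SignatureValue>{value}</SignatureValue>")

# Constructed sample: no Reference elements, placeholder canonicalization URI.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_SIGNED_INFO = (
    '<SignedInfo>'
    '<CanonicalizationMethod Algorithm="urn:example:stand-in-c14n"/>'
    f'<SignatureMethod Algorithm="{HMAC_SHA1}"/>'
    '</SignedInfo>'
)

if __name__ == "__main__":
    signed = sign(SAMPLE_SIGNED_INFO, SAMPLE_KEY)
    print(signature_method(canonical_signed_info(signed)), verify(signed, SAMPLE_KEY))
```

Because the identifier is taken from the octets that were signed, a serialization difference that canonicalization removes (quote style, empty-element form) leaves the result unchanged, while any edit to the identifier changes the signed octets and fails validation.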