- From: Ken Goldman <kgold@watson.ibm.com>
- Date: Mon, 6 Nov 2000 16:27:02 -0500
- To: w3c-ietf-xmldsig@w3.org
I would like to see if I understand the paragraph in 2.3 beginning
"Second ...". This says that a Manifest can be used for efficiency
when a large number of documents (Reference elements?) are being
signed by many signers.
I think that this efficiency comes about because the large Manifest
can be hashed once, with the result being put into the SignedInfo
block. The multiple signers only need hash the smaller SignedInfo
block.
I think this is only true if:
1 - the multiple signers trust each other
Otherwise, they must each dereference the URI's and hash the
Reference's in the Manifest plus hash the Manifest itself, which
would actually be very slightly less efficient.
2 - the multiple signers cannot cooperate other than passing an
XML document among them.
Otherwise, the first signer could calculate the hash of a large
SignedInfo block and pass this hash to the other signers, which
would again be more efficient than using a Manifest.
Is this correct?
--
Ken Goldman kgold@watson.ibm.com 914-784-7646
Received on Monday, 6 November 2000 16:27:05 UTC