- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 07 Nov 2000 15:21:37 -0500
- To: Ken Goldman <kgold@watson.ibm.com>
- Cc: w3c-ietf-xmldsig@w3.org
At 16:27 11/6/2000 -0500, Ken Goldman wrote: >I would like to see if I understand the paragraph in 2.3 beginning >"Second ...". This says that a Manifest can be used for efficiency >when a large number of documents (Reference elements?) are being >signed by many signers. Hi Ken, I believe you are correct. >I think that this efficiency comes about because the large Manifest >can be hashed once, with the result being put into the SignedInfo >block. The multiple signers only need hash the smaller SignedInfo >block. > >I think this is only true if: > >1 - the multiple signers trust each other > > Otherwise, they must each dereference the URI's and hash the > Reference's in the Manifest plus hash the Manifest itself, which > would actually be very slightly less efficient. Yes, as stated in the first paragraph, another feature of the Manifest is that it doesn't enforce reference validation. So if the app does want to validate them all, he would actually have N+1+1 hashes (the objects, the manifest itself, and signed info) versus N+1 hashes (the objects and signed info). However, the size of all the signatures combined (what I was thinking of) would be smaller using the manifest. (Because you don't have to duplicate all the References, the occur in a single Manifest which is Referenced each time.) >2 - the multiple signers cannot cooperate other than passing an >XML document among them. > > Otherwise, the first signer could calculate the hash of a large > SignedInfo block and pass this hash to the other signers, which > would again be more efficient than using a Manifest. > >Is this correct? I'm not sure if your 1 and 2 are AND or OR. If I understand this correctly, if the three Signature are unable to jointly refer to a single Manifest, it doesn't save them much by way of space. __ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Tuesday, 7 November 2000 15:22:41 UTC