Re: XML Signatures and binary files from merlin on 2001-05-22 (w3c-ietf-xmldsig@w3.org from April to June 2001)

From: merlin <merlin@baltimore.ie>
Date: Tue, 22 May 2001 18:07:53 +0100
To: "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, "Dournaee, Blake" <bdournaee@rsasecurity.com>, w3c-ietf-xmldsig@w3.org
Message-Id: <20010522170753.629A243CF1@yog-sothoth.ie.baltimore.com>

r/reagle@w3.org/2001.05.22/12:42:50
>We could
>1. remove those two and use attribute "Type", and say it has the same 
>behavior as that in Reference.
>2. maintain these two attributes, and say Encoding is the encoding of the 
>Object content, MimeType is the mime-type of the data object (independent of 
>its present encoding). All of this information continues to be advisory and 
>when this information is necessary to processing we recommend it be 
>explicitly specified via the Reference element and its Type attribute and 
>Transform children (e.g., decoding).
>
>I prefer option 2 since it doesn't require us to change the DTD/schema.

My comments regarding the attributes simply concern the fact that they
duplicate information that is provided elsewhere (Object.MimeType =~
Reference.Type and Object.Encoding =~ Reference.Transforms) which may
lead to inconsistency, and they are redundant in the majority of cases
(non-data content). However, they are optional and unenforced, so
any redundancy or inconsistency is of little practical import.

My expression of what we could do is:

1. Simply remove the two and any text about them. The remaining text
already states that the object may contain any data, which is sufficient
(cf SignatureProperty).
2. Leave everything as it is, because despite their redundancy there
is no practical consequence of their misuse, and the text is fine.

Inertia clearly favours 2. If you stuck a probe in my skull, 1 would
glow faintly, but it is of no concern.

Merlin


-----------------------------------------------------------------------------
Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
   http://www.baltimore.com

Received on Tuesday, 22 May 2001 13:08:24 UTC