- From: Jared Jonas <JJonas@iLumin.com>
- Date: Thu, 24 May 2001 12:36:48 -0400 (EDT)
- To: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>

Step 1 and the "Note" should be moved to section 3.2.2. The reference to "SignedInfo" in step 4 should be removed. I recommend that a new step be added to state the necessary application of any Transforms included in the Reference.

I have included section 3.2.1 for reference:

W3C Candidate Recommendation 19-April-2001

3.2.1 Reference Validation

For each Reference in SignedInfo:

1. Canonicalize the SignedInfo element based on the CanonicalizationMethod in SignedInfo.
2. Obtain the data object to be digested. (The signature application may rely upon the identification (URI) and Transforms provided by the signer in the Reference element, or it may obtain the content through other means such as a local cache.)
3. Digest the resulting data object using the DigestMethod specified in its Reference specification.
4. Compare the generated digest value against DigestValue in the SignedInfo Reference; if there is any mismatch, validation fails.

Note, SignedInfo is canonicalized in step 1 to ensure the application Sees What is Signed, which is the canonical form. For instance, if the CanonicalizationMethod rewrote the URIs (e.g., absolutizing relative URIs) the signature processing must be cognizant of this.

Received on Wednesday, 30 May 2001 12:38:59 UTC
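
The per-Reference loop discussed in the message above, with the application of Transforms written out as its own step, as an added example that is not part of the original message or of the specification. It assumes a hypothetical `fetch(uri)` callback that returns bytes, constructed sample data, and support for only the SHA-1 digest and base64 transform identifiers from the xmldsig namespace; SignedInfo canonicalization is left to signature validation.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
BASE64 = "http://www.w3.org/2000/09/xmldsig#base64"

# Algorithms this sketch accepts; any other identifier fails closed.
TRANSFORMS = {BASE64: base64.b64decode}
DIGESTS = {SHA1: hashlib.sha1}

def validate_references(signed_info, fetch):
    """Return {URI: bool} per Reference. fetch(uri) -> bytes is a hypothetical resolver."""
    results = {}
    for ref in signed_info.findall(DS + "Reference"):
        uri = ref.get("URI")
        try:
            data = fetch(uri)                                  # obtain the data object
            for t in ref.findall(f"{DS}Transforms/{DS}Transform"):
                data = TRANSFORMS[t.get("Algorithm")](data)    # apply Transforms in order
            algo = ref.find(DS + "DigestMethod").get("Algorithm")
            digest = DIGESTS[algo](data).digest()              # digest the transformed data
            expected = base64.b64decode(ref.find(DS + "DigestValue").text.strip())
            results[uri] = hmac.compare_digest(digest, expected)  # compare with DigestValue
        except (KeyError, ValueError, AttributeError):
            # Unknown algorithm, unresolvable URI, bad base64 or missing element.
            results[uri] = False
    return results

def build_sample():
    """Constructed SignedInfo with four References over constructed data."""
    payload = b"constructed sample payload"
    dv = base64.b64encode(hashlib.sha1(payload).digest()).decode()
    def ref(uri, transforms=""):
        return (f'<Reference URI="{uri}">{transforms}<DigestMethod Algorithm="{SHA1}"/>'
                f'<DigestValue>{dv}</DigestValue></Reference>')
    b64 = f'<Transforms><Transform Algorithm="{BASE64}"/></Transforms>'
    unknown = '<Transforms><Transform Algorithm="urn:example:unknown"/></Transforms>'
    xml = ('<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
           + ref("plain") + ref("encoded", b64) + ref("tampered") + ref("odd", unknown)
           + '</SignedInfo>')
    store = {"plain": payload, "encoded": base64.b64encode(payload),
             "tampered": payload + b"!", "odd": payload}
    return ET.fromstring(xml), store

if __name__ == "__main__":
    si, store = build_sample()
    print(validate_references(si, store.__getitem__))
```

The "encoded" Reference validates only because the base64 transform runs before digesting; the "odd" Reference is rejected rather than digested with its unrecognized transform skipped.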