- From: John Boyer <JBoyer@PureEdge.com>
- Date: Thu, 31 May 2001 09:13:35 -0700
- To: "Gregor Karlinger" <gregor.karlinger@iaik.at>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: <w3c-ietf-xmldsig@w3.org>
Hi Gregor and Donald, Obviously, I would be an advocate for adding an XPath transform to the C14N transform. I proposed this at our third FtF, but it made some people nervous at the time (and I can understand that; better safe than sorry). However, I think we all know now that the procedure is quite safe provided the following additional step is taken: after a c14n transform's xpath transform, add an implicit transform that ensures the signature element and all of its descendant elements, attributes, and at least the xmldsig namespace are in the resultant node-set. W.r.t. the problem you are trying to solve, this limits the scope of the XPath to namespace filtering, but with same document signatures, it eliminates the need to have a separate Reference, do a double hash calculation, etc. Cheers, John Boyer
Received on Thursday, 31 May 2001 12:14:08 UTC