Re: 3.2.1 Reference Validation - Section has been confused with Signa ture Validation from Joseph M. Reagle Jr. on 2001-06-01 (w3c-ietf-xmldsig@w3.org from April to June 2001)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 01 Jun 2001 18:38:46 -0400
To: Jared Jonas <JJonas@iLumin.com>
Cc: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
Message-Id: <4.3.2.7.2.20010601183520.01f16800@localhost>

Hi Jared, thank you for your comments. My comments are on:
        http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-Processing
At 12:36 5/24/2001, Jared Jonas wrote:
>Step 1 and the "Note" should be moved to section 3.2.2.

Why? This is there because of "See What You Sign" and to do the Reference 
validation, you need to make sure you are validating the references as they 
were signed.

>The reference to "SignedInfo" in step 4 should be removed.

You mean "the SignedInfo Reference"?

>I recommend that a new step be added to state the necessary application of
>any Transforms included in the Reference.

3.2.1 step 2 says, "Obtain the data object to be digested. (The signature 
application may rely upon the identification (URI) and Transforms provided 
by the signer"

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 1 June 2001 18:38:54 UTC