- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Sat, 9 Jun 2001 13:44:47 +0200
- To: "Joseph M. Reagle Jr." <reagle@w3.org>, "Donald E. Eastlake 3rd" <lde008@dma.isg.mot.com>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Joseph,
> True, I was confusing the issue, I clarified that and tweaked the
> example as
> well.
>
> [
> $Revision: 1.70 $
>
> http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-
> NamespaceContext
>
> ]
1. I think the second issues mentioned by Donald,
"The wording talks only of divorcing the signed XML from its context on
validation but it is an equally important consideration on
generation. The removal of old context can break things just as badly
as adding new context. In fact, for signatures to interoperate, the
generator and validator have to somehow agree on this. Otherwise, the
divorcing from context by the validator but not the generator can
break a signature even if the "envelope" hasn't
changed. Interoperability would be easier if this was explicitly
specified."
is still not covered by the current text.
2. Shouldn't it be a choice between steps (1) and (2) in the text? Currently
it reads as if both steps (1) and (2) must be applied.
Liebe Gruesse/Regards,
---------------------------------------------------------------
DI Gregor Karlinger
mailto:gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Saturday, 9 June 2001 07:45:35 UTC