Re: Comments on 22 June Version... from Donald E. Eastlake 3rd on 2001-06-26 (w3c-ietf-xmldsig@w3.org from April to June 2001)

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Tue, 26 Jun 2001 07:37:16 -0400
To: "Joseph M. Reagle Jr." <reagle@w3.org>
cc: w3c-ietf-xmldsig@w3.org
Message-Id: <200106261137.HAA0000078863@torque.pothole.com>

Hi Joseph,

From:  "Joseph M. Reagle Jr." <reagle@w3.org>
Message-Id:  <4.3.2.7.2.20010625144353.00b28c30@localhost>
Date:  Mon, 25 Jun 2001 14:51:08 -0400
To:  "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc:  w3c-ietf-xmldsig@w3.org, Brian LaMacchia <bal@microsoft.com>
In-Reply-To:  <200106250252.WAA0000076188@torque.pothole.com>

>[
>        $Revision: 1.87 $ on $Date: 2001/06/25 18:50:34 $
>        http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html
>]
>
>At 22:52 6/24/2001, Donald E. Eastlake 3rd wrote:
>>Section 4.3.1: one occurance of "CanonicalizationMethod" has the
>></code> before, instead of after, the last letter.
>
>Fixed.
>
>>Section 4.3.3.2: In both the DTD and Schema, the "stylesheet" element
>>should occur in addition to the "XPath" element.
>
>I think you mean 4.3.3.4? We dropped the XLST element, <stylesheet> can be 
>included by the app.
>http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/0025.html

Yes, I meant 4.3.3.4. I said nothing about an XSLT element.  There is
a sytlesheet element.  For consistency, "stylesheet" should appear in
the Schema for Transform.  Otherwise, what namespace is it in? Why
should this be the application's problem?

>>Section 4.4: The first three in the list of Type URIs is missing the
>>colon (":") after the "http".
>
>Fixed.
>
>>Maybe I'm just missing something but why, in 4.4.3, does it say that
>>keying information obtained by a RetrievalMethod "may need to be
>>canonicalized"? Even if the KeyInfo is signed, the signature is over
>>the RetrievalMethod element and content, not over what is retrieved,
>>right?
>
>I think this is because you "may" sign the data obtained by RetrievalMethod.

If you signed it, it would only be because it was pointed at by a
Reference. The signing of it would have nothing to do with
RetrievalMethod.  This wording is confusing and should drop references
to canonicalization.

>>Section 4.4.5: Seems a bit odd in just saying that PGPKeyID is a
>>string.  Actually, I belive, PGPKeyID's are 8 octet binary quantities
>>so it would seem like it should say they are Base64 encoded...
>
>I'm not sure. Brian?
>
>>Section 7.3: At the end, the last points two numbered don't seem
>>connected to the rest of the text.  Suggest preceeding them with "To
>>avoid these problems, applications may need to:" or the like.
>
>Done.
>
>--
>Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
>W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Thanks,
Donald

Received on Tuesday, 26 June 2001 07:38:10 UTC