- From: Frederick J. Hirsch <hirsch@caveosystems.com>
- Date: Sun, 21 Jan 2001 16:06:21 -0500
- To: <w3c-ietf-xmldsig@w3.org>
The XML Digital Signature recommendation is an excellent document, and improves tremendously with each versions. I have a few questions, just clarifications: 1) I assume a Manifest is not required to be within a Signature element. If a Manifest is within a Signature element it must be within an Object element, but not otherwise. This allows a Manifest to be included in multiple signatures, as discussed in section 2.3 (Extended Example). Ignoring namespaces and content: <document> <Signature>,,,<Reference URI=#Manifest Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature> <Signature>,,,<Reference URI=#Manifest Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature> <Signature>,,,<Reference URI=#Manifest Type="http://www.w3.org/2000/09/xmldsig#Manifest">... </Reference></Signature> <Manifest Id=> <Reference>...</Reference> <Reference>...</Reference> ... </Manifest> </document> 2) In 4.3.2 on the SignatureMethod,the specification states "While there is a single identifier, that identifier may specify a format containing multiple distinct signature values". I'm not sure what this sentence is trying to say. Does it simply mean that the signature values will vary for an algorithm based on the input? Is there an example of what this is getting at 3) The KeyInfo section mentions a rawX509Certificate type, but this is not referenced in the KeyInfo schema. Should it be one of the choices? Wouldn't the X509Data element with the X509Certificate contain a base64 encoded binary certificate value as well? 4) A minor typo in 4.4, KeyInfo, 3rd paragraph: octect should be octet (end of paragraph). < Frederick
Received on Sunday, 21 January 2001 15:59:32 UTC