comments on current xml dsig draft

Hello,

I had a question/comment about Section 3.2.1, Reference Validation.

The steps listed are to be performed for each <Reference> element. Step 1
says we should canonicalize <SignedInfo> first. 

Yet, if we do this for every <Reference> element we are running the
canonicalization algorithm N-1 extra times where N is the number of
<Reference> elements in <SignedInfo>. Shouldn't one run of C14N be enough
to canonicalize the signed info? Why do it every time? Are we expecting the
structure of <Reference> to change as we are validating the signature?



Blake Dournaee
Toolkit Applications Engineer
RSA Security
 
"The only thing I know is that I know nothing" - Socrates
 
 

Received on Monday, 2 July 2001 23:50:30 UTC
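
The two readings of Step 1 raised in the message above, side by side, as an added example that is not part of the original message or of the specification text. It assumes Python's `ET.canonicalize` (C14N 2.0) as a stand-in for the signature's CanonicalizationMethod, SHA-256 digests, no Transforms, and a constructed `objects` mapping in place of URI dereferencing; all function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = "http://www.w3.org/2000/09/xmldsig#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
REF = f"{{{NS}}}Reference"
c14n_runs = 0

def c14n(xml_text):
    # ET.canonicalize is C14N 2.0, a stand-in for the CanonicalizationMethod in use.
    global c14n_runs
    c14n_runs += 1
    return ET.canonicalize(xml_text)

def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_signed_info(objects):
    # Constructed <SignedInfo>: one <Reference> per data object, no Transforms.
    refs = "".join(
        f'<Reference URI="{uri}"><DigestMethod Algorithm="{SHA256}"/>'
        f"<DigestValue>{digest(data)}</DigestValue></Reference>"
        for uri, data in objects.items())
    return f'<SignedInfo xmlns="{NS}">{refs}</SignedInfo>'

def check(canonical, i, objects):
    # Read the i-th Reference from the canonical form, i.e. from what was signed.
    ref = ET.fromstring(canonical).findall(REF)[i]
    uri = ref.get("URI")
    if ref.find(f"{{{NS}}}DigestMethod").get("Algorithm") != SHA256:
        return uri, False  # unsupported digest algorithm: fail closed
    expected = ref.findtext(f"{{{NS}}}DigestValue").strip()
    return uri, uri in objects and digest(objects[uri]) == expected

def validate_per_reference(xml_text, objects):
    # Literal reading of the draft: Step 1 is repeated for every Reference.
    n = len(ET.fromstring(xml_text).findall(REF))
    return dict(check(c14n(xml_text), i, objects) for i in range(n))

def validate_once(xml_text, objects):
    # Proposed reading: one canonicalization, then the per-Reference loop.
    canonical = c14n(xml_text)
    n = len(ET.fromstring(canonical).findall(REF))
    return dict(check(canonical, i, objects) for i in range(n))

def run(validator, xml_text, objects):
    # Returns (results, number of canonicalization runs used).
    global c14n_runs
    c14n_runs = 0
    return validator(xml_text, objects), c14n_runs
```

Because <SignedInfo> is not modified while the references are checked, both validators return the same per-reference results; only the number of canonicalization runs differs.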