- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Tue, 03 Jul 2001 09:21:26 -0400
- To: "Dournaee, Blake" <bdournaee@rsasecurity.com>
- cc: w3c-ietf-xmldsig@w3.org, "'ilanzohar@yahoo.com'" <ilanzohar@yahoo.com>
I think running the canonicalization just once is fine. Generally here, as in other parts of the standard, you can use any technique that produces the same result. It should probably be documented as being canonicalized once.

Thanks,
Donald

From: "Dournaee, Blake" <bdournaee@rsasecurity.com>
Message-ID: <E7B6CB80230AD31185AD0008C7EBC4D2DAEEDB@exrsa01.rsa.com>
To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>
Cc: w3c-ietf-xmldsig@w3.org, "'ilanzohar@yahoo.com'" <ilanzohar@yahoo.com>
Date: Mon, 2 Jul 2001 20:53:37 -0700

>Hello,
>
>I had a question/comment about Section 3.2.1, Reference Validation.
>
>The steps listed are to be performed for each <Reference> element. Step 1
>says we should canonicalize <SignedInfo> first.
>
>Yet, if we do this for every <Reference> element we are running the
>canonicalization algorithm N-1 extra times where N is
>the number of <Reference> elements in <SignedInfo>. Shouldn't one run of
>C14N be enough to canonicalize the signed info? Why do it every time? Are we
>expecting the structure of <Reference> to change as we are validating the
>signature?
>
>
>Blake Dournaee
>Toolkit Applications Engineer
>RSA Security
>
>"The only thing I know is that I know nothing" - Socrates
Received on Tuesday, 3 July 2001 09:23:39 UTC
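
The point discussed in this thread, as an added example that is not part of the original messages or of the specification: reference validation over a constructed <SignedInfo>, run once with a single canonicalization and once with canonicalization repeated per <Reference>, giving identical results. Assumptions: Python's standard-library `ET.canonicalize` (C14N 2.0) stands in for the Canonical XML algorithm the specification names, no transforms are applied, and the URIs, sample data, `resolve` callback and function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA1 = DS + "sha1"          # digest algorithm identifier in the XMLDSig namespace
REF = f"{{{DS}}}Reference"

def b64sha1(data: bytes) -> str:
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

# Constructed sample objects, keyed by made-up URIs.
DOCS = {"urn:example:a": b"first object", "urn:example:b": b"second object"}

def build_signed_info(docs) -> str:
    refs = "".join(
        f'<Reference URI="{uri}"><DigestMethod Algorithm="{SHA1}"/>'
        f"<DigestValue>{b64sha1(data)}</DigestValue></Reference>"
        for uri, data in docs.items())
    return f'<SignedInfo xmlns="{DS}">{refs}</SignedInfo>'

def validate_references(signed_info_xml, resolve, once=True):
    """Return (c14n_runs, {uri: digest_ok}). resolve(uri) -> bytes or None."""
    runs = 0
    def canonical_root():
        nonlocal runs
        runs += 1
        return ET.fromstring(ET.canonicalize(signed_info_xml))
    root = canonical_root()
    results = {}
    for i in range(len(root.findall(REF))):
        if not once and i > 0:
            root = canonical_root()   # literal per-Reference reading of step 1
        ref = root.findall(REF)[i]
        alg = ref.find(f"{{{DS}}}DigestMethod").get("Algorithm")
        expected = ref.find(f"{{{DS}}}DigestValue").text.strip()
        data = resolve(ref.get("URI"))
        # A Reference passes only if the algorithm is known, the object
        # resolves, and the recomputed digest matches DigestValue.
        ok = alg == SHA1 and data is not None and b64sha1(data) == expected
        results[ref.get("URI")] = ok
    return runs, results

if __name__ == "__main__":
    si = build_signed_info(DOCS)
    print(validate_references(si, DOCS.get))              # one C14N run
    print(validate_references(si, DOCS.get, once=False))  # N C14N runs
```
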