signature overview question/comment

Hi, 

At section 2.0 there's a simplified overview of DSIG structure:

<Signature> 
     <SignedInfo>
       (CanonicalizationMethod)
       (SignatureMethod)
       (<Reference (URI=)? >
         (Transforms)?
         (DigestMethod)
         (DigestValue)
       </Reference>)+
     </SignedInfo>
     (SignatureValue) 
    (KeyInfo)?
    (Object)*
</Signature>

I think this text is pretty old, definitely before I first looked at the
draft. So I have some questions, and please excuse me if this was discussed
already (probably long ago) on the list:
1. Is this a common format?
2. Is there a reason that some tags are given as tags, e.g. SignedInfo,
while others are without the brackets, e.g. SignatureValue? 
3. Is there a reason that some mandatory elements are in parenthesis, e.g.
CanonicalizationMethod, while others are not, e.g. SignedInfo?
4. Is it correct that when a parenthesis is closed without "?", "+" or "*",
then the element should appear exactly once? If so, it may be clearer to use
a sign for `appear exactly once`, e.g. the numeral 1. Or better yet simply
not put such element in parenthesis. 

Just in case all the above points are simply minor mistakes, here's a
potential new text:

<Signature> 
     <SignedInfo>
       <CanonicalizationMethod>
       <SignatureMethod>
       (<Reference (URI=)? >
         (<Transforms>)?
         <DigestMethod>
         <DigestValue>
       </Reference>)+
     </SignedInfo>
     <SignatureValue>
    (<KeyInfo>)?
    (<Object>)*
</Signature>

Best regards, 
Amir Herzberg
CTO, NewGenPay Inc.  
http://www.newgenpay.com/Amir/Herzberg.htm
SMS (urgent only!): _subject_ of email to aherzberg@walla.co.il

Received on Tuesday, 14 August 2001 08:16:26 UTC