RE: signature overview question/comment from Dournaee, Blake on 2001-08-14 (w3c-ietf-xmldsig@w3.org from July to September 2001)

From: Dournaee, Blake <bdournaee@rsasecurity.com>
Date: Tue, 14 Aug 2001 11:50:42 -0700
To: "'Amir Herzberg'" <AMIR@newgenpay.com>, "Dsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
Message-ID: <E7B6CB80230AD31185AD0008C7EBC4D2DAF068@exrsa01.rsa.com>

Amir,

I believe the notation in the XML dsig draft comes from the XML 1.0
Recommendation. See http://www.w3.org/TR/REC-xml, Section 6. The notation
used is quite standard and is a simplified EBNF grammar. 


Blake Dournaee
Toolkit Applications Engineer
RSA Security
 
"The only thing I know is that I know nothing" - Socrates
 
 


-----Original Message-----
From: Amir Herzberg [mailto:AMIR@newgenpay.com]
Sent: Tuesday, August 14, 2001 5:16 AM
To: Dsig (E-mail)
Subject: signature overview question/comment


Hi, 

At section 2.0 there's a simplified overview of DSIG structure:

<Signature> 
     <SignedInfo>
       (CanonicalizationMethod)
       (SignatureMethod)
       (<Reference (URI=)? >
         (Transforms)?
         (DigestMethod)
         (DigestValue)
       </Reference>)+
     </SignedInfo>
     (SignatureValue) 
    (KeyInfo)?
    (Object)*
</Signature>

I think this text is pretty old, definitely before I first looked at the
draft. So I have some questions, and please excuse me if this was discussed
already (probably long ago) on the list:
1. Is this a common format?
2. Is there a reason that some tags are given as tags, e.g. SignedInfo,
while others are without the brackets, e.g. SignatureValue? 
3. Is there a reason that some mandatory elements are in parenthesis, e.g.
CanonicalizationMethod, while others are not, e.g. SignedInfo?
4. Is it correct that when a parenthesis is closed without "?", "+" or "*",
then the element should appear exactly once? If so, it may be clearer to use
a sign for `appear exactly once`, e.g. the numeral 1. Or better yet simply
not put such element in parenthesis. 

Just in case all the above points are simply minor mistakes, here's a
potential new text:

<Signature> 
     <SignedInfo>
       <CanonicalizationMethod>
       <SignatureMethod>
       (<Reference (URI=)? >
         (<Transforms>)?
         <DigestMethod>
         <DigestValue>
       </Reference>)+
     </SignedInfo>
     <SignatureValue>
    (<KeyInfo>)?
    (<Object>)*
</Signature>

Best regards, 
Amir Herzberg
CTO, NewGenPay Inc.  
http://www.newgenpay.com/Amir/Herzberg.htm
SMS (urgent only!): _subject_ of email to aherzberg@walla.co.il

Received on Tuesday, 14 August 2001 14:52:36 UTC