RE: Why is the Target attribute in SignatureProperty required?

Karl,

What if a document contains many <Signature> elements and many
<SignatureProperties> elements? 

This is what I'm thinking of:

<Sigs>
	<Signature Id="Sig1>
	...
	</Signature>

	<Signature Id="Sig2>
	...
	</Signature>

	<Signature Id="Sig3>
	...
	</Signature>

	<Signature Id="Sig4>
	...
	  
	  <Object>
	    <SignatureProperties> 
            <SignatureProperty Id="Prop1" Target="#Sig1"> 
            ...
            </SignatureProperty> 
			
		<SignatureProperty Id="Prop2" Target="#Sig2"> 
            ...
            </SignatureProperty> 

		<SignatureProperty Id="Prop3" Target="#Sig3"> 
            ...
            </SignatureProperty> 

     ]   </SignatureProperties> 
	
	  </Object>
	
	</Signature>
</Sigs>

In my example above, the last signature contains three sets of assertions
that do not relate to Sig4, but do relate to the other <Signature> child
elements.


Blake Dournaee
Toolkit Applications Engineer
RSA Security
 
"The only thing I know is that I know nothing" - Socrates
 
 


-----Original Message-----
From: Karl Scheibelhofer [mailto:Karl.Scheibelhofer@iaik.at]
Sent: Monday, August 27, 2001 6:31 AM
To: Donald E. Eastlake 3rd
Cc: XMLSigWG
Subject: RE: Why is the Target attribute in SignatureProperty required?


sorry, i canot follow your argumentation.
if my SignedProperties is inside the Object element of a signature, i really
do not need this reference. even though, i must set it, because it is
required (however, the ID of the signature itself is optional).
if the target is present, the application must nevertheless check if this
SignedProperties is really covered by a reference in the signature, when it
verifies the signature. the Target attribute does not relly help in many
cases. i agree that there might be applications where it is useful to have
such a Target attribute, but it should be optional rather than reuqired, i
think.
this Target is only useful in applications where you have separated
SignedProperties and you need to find the signature which signs it. i think
that this is not common practice. normally you need to come from the other
direction - you have the signature and get the SignedProperties of it, for
which you use the references directly.

regards

  Karl

--

Karl Scheibelhofer, <mailto:Karl.Scheibelhofer@iaik.at>
Institute for Applied Information Processing and Communications (IAIK)
at Graz University of Technology , Austria, http://www.iaik.at and
http://jcewww.iaik.at
Phone: (+43) (316) 873-5540

> -----Original Message-----
> From: Donald E. Eastlake 3rd [mailto:dee3@torque.pothole.com]
> Sent: Monday, August 27, 2001 3:13 PM
> To: Karl Scheibelhofer
> Cc: XMLSigWG
> Subject: Re: Why is the Target attribute in SignatureProperty required?
>
>
>
> If it appears inside a Signature, a SignatureProperty could apply
> to that signature or separately to any one of the References. If
> it appeared outside of a Signature, it could apply to any singature
> or reference in the world. You need Target to tell what's going on.
>
> Donald
>
>
> From:  "Karl Scheibelhofer" <Karl.Scheibelhofer@iaik.at>
> To:  "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
> Date:  Mon, 27 Aug 2001 14:47:44 +0200
> Message-ID:  <NDBBJJNFOMNNKFDPLCDJGEJACLAA.Karl.Scheibelhofer@iaik.at>
>
> >hi,
> >
> >can anyone explain, why the Target attribute in the
> SignatureProperty type
> >is required and not optional? i can see no obvious reason to make this
> >attribute required.
> >
> >regards
> >
> >  Karl
> >
> >--
> >
> >Karl Scheibelhofer, <mailto:Karl.Scheibelhofer@iaik.at>
> >Institute for Applied Information Processing and Communications (IAIK)
> >at Graz University of Technology , Austria, http://www.iaik.at and
> >http://jcewww.iaik.at
> >Phone: (+43) (316) 873-5540
> >
>
>

Received on Monday, 27 August 2001 15:21:17 UTC