- From: Dournaee, Blake <bdournaee@rsasecurity.com>
- Date: Mon, 27 Aug 2001 12:18:40 -0700
- To: "'Karl Scheibelhofer'" <Karl.Scheibelhofer@iaik.at>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: XMLSigWG <w3c-ietf-xmldsig@w3.org>
Karl, What if a document contains many <Signature> elements and many <SignatureProperties> elements? This is what I'm thinking of: <Sigs> <Signature Id="Sig1> ... </Signature> <Signature Id="Sig2> ... </Signature> <Signature Id="Sig3> ... </Signature> <Signature Id="Sig4> ... <Object> <SignatureProperties> <SignatureProperty Id="Prop1" Target="#Sig1"> ... </SignatureProperty> <SignatureProperty Id="Prop2" Target="#Sig2"> ... </SignatureProperty> <SignatureProperty Id="Prop3" Target="#Sig3"> ... </SignatureProperty> ] </SignatureProperties> </Object> </Signature> </Sigs> In my example above, the last signature contains three sets of assertions that do not relate to Sig4, but do relate to the other <Signature> child elements. Blake Dournaee Toolkit Applications Engineer RSA Security "The only thing I know is that I know nothing" - Socrates -----Original Message----- From: Karl Scheibelhofer [mailto:Karl.Scheibelhofer@iaik.at] Sent: Monday, August 27, 2001 6:31 AM To: Donald E. Eastlake 3rd Cc: XMLSigWG Subject: RE: Why is the Target attribute in SignatureProperty required? sorry, i canot follow your argumentation. if my SignedProperties is inside the Object element of a signature, i really do not need this reference. even though, i must set it, because it is required (however, the ID of the signature itself is optional). if the target is present, the application must nevertheless check if this SignedProperties is really covered by a reference in the signature, when it verifies the signature. the Target attribute does not relly help in many cases. i agree that there might be applications where it is useful to have such a Target attribute, but it should be optional rather than reuqired, i think. this Target is only useful in applications where you have separated SignedProperties and you need to find the signature which signs it. i think that this is not common practice. normally you need to come from the other direction - you have the signature and get the SignedProperties of it, for which you use the references directly. regards Karl -- Karl Scheibelhofer, <mailto:Karl.Scheibelhofer@iaik.at> Institute for Applied Information Processing and Communications (IAIK) at Graz University of Technology , Austria, http://www.iaik.at and http://jcewww.iaik.at Phone: (+43) (316) 873-5540 > -----Original Message----- > From: Donald E. Eastlake 3rd [mailto:dee3@torque.pothole.com] > Sent: Monday, August 27, 2001 3:13 PM > To: Karl Scheibelhofer > Cc: XMLSigWG > Subject: Re: Why is the Target attribute in SignatureProperty required? > > > > If it appears inside a Signature, a SignatureProperty could apply > to that signature or separately to any one of the References. If > it appeared outside of a Signature, it could apply to any singature > or reference in the world. You need Target to tell what's going on. > > Donald > > > From: "Karl Scheibelhofer" <Karl.Scheibelhofer@iaik.at> > To: "XMLSigWG" <w3c-ietf-xmldsig@w3.org> > Date: Mon, 27 Aug 2001 14:47:44 +0200 > Message-ID: <NDBBJJNFOMNNKFDPLCDJGEJACLAA.Karl.Scheibelhofer@iaik.at> > > >hi, > > > >can anyone explain, why the Target attribute in the > SignatureProperty type > >is required and not optional? i can see no obvious reason to make this > >attribute required. > > > >regards > > > > Karl > > > >-- > > > >Karl Scheibelhofer, <mailto:Karl.Scheibelhofer@iaik.at> > >Institute for Applied Information Processing and Communications (IAIK) > >at Graz University of Technology , Austria, http://www.iaik.at and > >http://jcewww.iaik.at > >Phone: (+43) (316) 873-5540 > > > >
Received on Monday, 27 August 2001 15:21:17 UTC