Re: Enveloped-signature games with pre-c14n

Hi Joseph,

> Christian/Merlin, I don't recall, did we ever resolve this proposal?

I actually don't know. For me, it reads like :

  "It's not possible to apply Transforms that produce octet
   stream output (like base64 or c14n) prior to
   #enveloped-signature transform or an #xpath transform
   that uses the here() function. Additionally, it's not
   possible to apply #enveloped-signature transform or an
   #xpath transform that uses here() to a non-local URI."

But I am not sure whether this is correct.
Christian


Dialog modified for readability:

>>>>> If you perform c14n/reparse, then you have a new document.
>>>>> Merlin

>>>> Sorry fo bugging again. Could this be done by saying in the spec:
>>>>
>>>>   "It's not possible to apply Transforms that produce octet
>>>>    stream output (like base64 or c14n) prior to
>>>>    #enveloped-signature transform or an #xpath transform
>>>>    that uses the here() function."
>>>> Would this make sense?
>>>> Christian

>>> That doesn't cover the case of applying the transform to a non-local
>>> URI. At most, a sentence saying that enveloped signature cannot be
>>> applied to a resource other than a node set from the original signature
>>> document. Given that the usage seems nonsensical, I'm not sure that
>>> even this is really necessary.
>>> Merlin

>> But if I apply #enveloped-signature #xpath with here()-usage to a
>> non-local URI, this is an error, isn't it?
>> Christian

> Hi Christian, It is. Your statement merely disallowed
> certain transforms, not certain URIs.
> Merlin




Mit freundlichen Grüßen,

Christian Geuer-Pollmann


--------------------------------------------------------------------------
Institute for Data Communications Systems             University of Siegen
Hoelderlinstrasse 3                 D-57068 Siegen                 Germany

mail:  mailto:geuer-pollmann@nue.et-inf.uni-siegen.de
web:  <http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/>

Received on Saturday, 1 September 2001 11:39:12 UTC