- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Tue, 04 Sep 2001 07:25:55 +0200
- To: merlin <merlin@baltimore.ie>
- Cc: Joseph Reagle <reagle@w3.org>, w3c-ietf-xmldsig@w3.org
Hi, > If we really want to clarify the point, I'd suggest simply appending a > sentence to 6.6.4 along the lines of: "This transform may only be applied > to a node-set from its parent XML document." Or something like that. > > XPath already defines this use of here() as an error. This looks good. > > Merlin > > r/geuer-pollmann@nue.et-inf.uni-siegen.de/2001.09.01/17:40:25 >> Hi Joseph, >> >>> Christian/Merlin, I don't recall, did we ever resolve this proposal? >> >> I actually don't know. For me, it reads like : >> >> "It's not possible to apply Transforms that produce octet >> stream output (like base64 or c14n) prior to >> #enveloped-signature transform or an #xpath transform >> that uses the here() function. Additionally, it's not >> possible to apply #enveloped-signature transform or an >> #xpath transform that uses here() to a non-local URI." >> >> But I am not sure whether this is correct. >> Christian >> >> >> Dialog modified for readability: >> >>>>>>> If you perform c14n/reparse, then you have a new document. >>>>>>> Merlin >> >>>>>> Sorry fo bugging again. Could this be done by saying in the spec: >>>>>> >>>>>> "It's not possible to apply Transforms that produce octet >>>>>> stream output (like base64 or c14n) prior to >>>>>> #enveloped-signature transform or an #xpath transform >>>>>> that uses the here() function." >>>>>> Would this make sense? >>>>>> Christian >> >>>>> That doesn't cover the case of applying the transform to a non-local >>>>> URI. At most, a sentence saying that enveloped signature cannot be >>>>> applied to a resource other than a node set from the original >>>>> signature document. Given that the usage seems nonsensical, I'm not >>>>> sure that even this is really necessary. >>>>> Merlin >> >>>> But if I apply #enveloped-signature #xpath with here()-usage to a >>>> non-local URI, this is an error, isn't it? >>>> Christian >> >>> Hi Christian, It is. Your statement merely disallowed >>> certain transforms, not certain URIs. >>> Merlin >> >> >> >> >> Mit freundlichen Gr=FC=DFen, >> >> Christian Geuer-Pollmann >> >> >> ------------------------------------------------------------------------ >> -- Institute for Data Communications Systems University of >> Siegen Hoelderlinstrasse 3 D-57068 Siegen >> Germany >> >> mail: mailto:geuer-pollmann@nue.et-inf.uni-siegen.de >> web: <http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/> >> > > > ------------------------------------------------------------------------- > ---- Baltimore Technologies plc will not be liable for direct, special, > indirect or consequential damages arising from alteration of the > contents of this message by a third party or as a result of any virus > being passed on. > > In addition, certain Marketing collateral may be added from time to time > to promote Baltimore Technologies products, services, Global e-Security or > appearance at trade shows and conferences. > > This footnote confirms that this email message has been swept by > Baltimore MIMEsweeper for Content Security threats, including > computer viruses. > http://www.baltimore.com > Mit freundlichen Grüßen, Christian Geuer-Pollmann -------------------------------------------------------------------------- Institute for Data Communications Systems University of Siegen Hoelderlinstrasse 3 D-57068 Siegen Germany mail: mailto:geuer-pollmann@nue.et-inf.uni-siegen.de web: <http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/>
Received on Tuesday, 4 September 2001 01:24:12 UTC