- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Wed, 17 Oct 2001 20:55:56 -0400
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- cc: w3c-ietf-xmldsig@w3.org

Hi,

Whether to process Manifests, what to do if one or more items in the Manifest fails Reference validation, whether to chase down Manifests pointed to by Manifests, etc., is all application dependent.

It would be reasonable, in my opinion, for an application to only process Manifests where the Reference has a Manifest type attribute, in which case you would need to generate signatures where the Reference URI points directly at the Manifest (rather than, say, an encompassing Object) and specify the Manifest type, if you want that Manifest checked. But applications are not required to behave in this way.

Donald

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Tue, 09 Oct 2001 19:12:45 +0200
To: w3c-ietf-xmldsig@w3.org
Message-ID: <1927385181.1002654765@pinkpanther>

>Hi all,
>
>The Type attribute of a ds:Reference can contain the Type of a Reference
>like
>
>Type="http://www.w3.org/2000/09/xmldsig#Object"
>
>or
>
>Type="http://www.w3.org/2000/09/xmldsig#Manifest"
>
>. Does there exist a proposed processing model how verification is done on
>that? From what I see, there exist two different ways:
>
>1: I ignore this type information and do only core validation:
>SignatureValue and the SignedInfo
>
>2: I try to follow and verify all nested Manifests (if Type="&ds;Manifest").
>
>But what processing should happen if the Type is #Reference or #Object?
>
>
>Christian
>

Received on Wednesday, 17 October 2001 20:58:07 UTC
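
The application policy described in the reply above, as an added example that is not part of the original thread or of any XMLDSig implementation: a Manifest is checked only when a signed Reference carries the Manifest Type and its URI points directly at the Manifest element. The function names, the `urn:example:` resources, the SHA-256 digest method and the sample document are assumptions constructed for illustration, and core validation is assumed to have already succeeded.

```python
import base64, hashlib, xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MANIFEST_TYPE = DS + "Manifest"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
NS = {"ds": DS}

def b64sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def _ref(uri, digest, type_uri=None):  # hypothetical helper, builds the sample only
    t = f' Type="{type_uri}"' if type_uri else ""
    return (f'<ds:Reference URI="{uri}"{t}><ds:DigestMethod Algorithm="{SHA256}"/>'
            f'<ds:DigestValue>{digest}</ds:DigestValue></ds:Reference>')

# Constructed sample. "AAAA" is a placeholder: checking the SignedInfo digests and
# SignatureValue (core validation) is assumed to have succeeded before this runs.
RESOURCES = {"urn:example:a": b"alpha", "urn:example:b": b"beta"}
SAMPLE = (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
          + _ref("#m1", "AAAA", MANIFEST_TYPE) + _ref("#o2", "AAAA", DS + "Object")
          + '</ds:SignedInfo><ds:Object><ds:Manifest Id="m1">'
          + _ref("urn:example:a", b64sha256(b"alpha"))
          + _ref("urn:example:b", b64sha256(b"tampered"))
          + '</ds:Manifest></ds:Object><ds:Object Id="o2"><ds:Manifest Id="m2">'
          + _ref("urn:example:a", b64sha256(b"alpha"))
          + '</ds:Manifest></ds:Object></ds:Signature>')

def digest_ok(ref, resources):
    method = ref.find("ds:DigestMethod", NS)
    data = resources.get(ref.get("URI"))
    if method is None or method.get("Algorithm") != SHA256 or data is None:
        return False  # unsupported algorithm or unresolvable URI counts as failure
    return ref.findtext("ds:DigestValue", "", NS).strip() == b64sha256(data)

def check_manifests(sig_xml, resources):
    """Validate only Manifests that a signed Reference marks with the Manifest Type."""
    root = ET.fromstring(sig_xml)  # brevity only; use a hardened parser on untrusted XML
    by_id = {e.get("Id"): e for e in root.iter() if e.get("Id")}
    results = {}
    for r in root.findall("ds:SignedInfo/ds:Reference", NS):
        uri = r.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        if r.get("Type") != MANIFEST_TYPE or target is None or target.tag != f"{{{DS}}}Manifest":
            continue  # not typed as Manifest, or URI does not point directly at one
        results[uri[1:]] = [(m.get("URI"), digest_ok(m, resources))
                            for m in target.findall("ds:Reference", NS)]
    return results
```

Manifest `m2` is never examined because its signed Reference points at the enclosing Object with the Object Type; what to do with the failed entry in `m1` remains the application's decision.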