- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 6 Dec 2001 11:28:34 -0500
- To: Sean Mullan <sean.mullan@sun.com>, w3c-ietf-xmldsig@w3.org
On Thursday 06 December 2001 05:32, Sean Mullan wrote: > Step 3 of section 3.2.1 states: > > "Compare the generated digest value against DigestValue > in the SignedInfo Reference; if there is any mismatch, > validation fails." > > Does "validation" above mean "core validation"? Hi Sean. It means Reference Validation fails and since Core Validation requires Reference *and* Signature (cryptographic) validation, Core consequently fails as well. > If a single > reference fails to validate, core validation fails. I assume > this means an implementation should (must?) abort validation of the > remaining references and return a failure. Is my assumption > correct? According to the specification the Signature is not valid. How this is communicated is up to the application which could short cut and immediately abort, continue processing the other references so it can identify which ones failed, and/or do the cryptographic signature validation as other piece of information to the user or calling application. -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Thursday, 6 December 2001 11:28:35 UTC