- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Thu, 16 May 2002 20:05:33 +0200
- To: Tom Gindin <tgindin@us.ibm.com>, Ed Simon <edsimon@xmlsec.com>
- cc: Roman Huditsch <roman.huditsch@hico.com>, w3c-ietf-xmldsig@w3.org
--On Donnerstag, 16. Mai 2002 11:28 -0400 Tom Gindin <tgindin@us.ibm.com> wrote: > IMHO, XML Signature is not "the new way of doing signatures". It's > the new, and hopefully best, way of signing documents which include XML. > Do you expect people to sign pure binary data using XML Signature rather > than CMS? I would say XML Signature is a good way for creating digital signatures, even detached signatures which create arbitrary binary content. Even if there is no hint on what exactly IS the thing being signed, the signature itself has rich semantics. But of course, XML Signature will have no great future in environments where storage size or computing power are limited. > Maybe I'm confused about the standard, but I don't see a "Type" > value for transparent binary data or a transform for it. Does a > Reference with both Type and Transforms omitted mean binary? I would say yes. Signing a GIF or something similar is <Reference URI="1.gif" (or URI="protocol://host/1.gif"> and no transforms. Other opinions? Christian
Received on Thursday, 16 May 2002 14:01:07 UTC