URI Or Not? from Tony Palmer on 2002-05-17 (w3c-ietf-xmldsig@w3.org from April to June 2002)

From: Tony Palmer <tony@vordel.com>
Date: Fri, 17 May 2002 10:48:49 +0100
To: <w3c-ietf-xmldsig@w3.org>
Message-ID: <FHEPJNHOJKFPKOOBMLJHOEECCPAA.tony@vordel.com>

Hi,
  The value of the URI attribute contained in the Reference element in
Manoj's example is "logo-text.gif". Should this not be prepended with
"file://" to give URI="file://logo-text.gif" to make it a valid URI?
Tony



-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Manoj K. Srivastava
Sent: 17 May 2002 09:13
To: 'John Messing'; 'Christian Geuer-Pollmann'; 'Tom Gindin'; 'Ed Simon'
Cc: 'Roman Huditsch'; w3c-ietf-xmldsig@w3.org
Subject: RE: newbie Question about PKCS#7


Hi John,

You are right.
Please see the attached signed xml. The file that was signed is also
attached.

Thanks,
Manoj

-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org] On Behalf Of John Messing
Sent: Thursday, May 16, 2002 9:10 PM
To: Christian Geuer-Pollmann; Tom Gindin; Ed Simon
Cc: Roman Huditsch; w3c-ietf-xmldsig@w3.org
Subject: Re: newbie Question about PKCS#7


Wouldn't you need to include the message digest of the file in the
signed data as well and then sign the reference and the message digest
as signed info?

----- Original Message -----
From: "Christian Geuer-Pollmann"
<geuer-pollmann@nue.et-inf.uni-siegen.de>
To: "Tom Gindin" <tgindin@us.ibm.com>; "Ed Simon" <edsimon@xmlsec.com>
Cc: "Roman Huditsch" <roman.huditsch@hico.com>;
<w3c-ietf-xmldsig@w3.org>
Sent: Thursday, May 16, 2002 11:05 AM
Subject: Re: newbie Question about PKCS#7


>
>
> --On Donnerstag, 16. Mai 2002 11:28 -0400 Tom Gindin
> <tgindin@us.ibm.com>
> wrote:
>
> >       IMHO, XML Signature is not "the new way of doing signatures".
It's
> > the new, and hopefully best, way of signing documents which include
> > XML. Do you expect people to sign pure binary data using XML
> > Signature rather than CMS?
>
> I would say XML Signature is a good way for creating digital
> signatures, even detached signatures which create arbitrary binary
> content. Even if there is no hint on what exactly IS the thing being
> signed, the signature itself has rich semantics. But of course, XML
> Signature will have no great future in environments where storage size

> or computing power are limited.
>
> > Maybe I'm confused about the standard, but I don't see a "Type"
> > value for transparent binary data or a transform for it.  Does a
> > Reference with both Type and Transforms omitted mean binary?
>
> I would say yes. Signing a GIF or something similar is
>
> <Reference URI="1.gif" (or URI="protocol://host/1.gif">
>  and no transforms.
>
> Other opinions?
>
>
> Christian
>
>

Received on Friday, 17 May 2002 05:46:28 UTC