- From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Date: Thu, 23 May 2002 23:13:48 +0200
- To: jboyer@PureEdge.com, reagle@w3.org
- cc: w3c-ietf-xmldsig@w3.org
Received on Thursday, 23 May 2002 17:08:31 UTC
Hi John, hi Joseph, I implemented exclusive c14n for the Apache package. On my implementation, exclusive c14n is SLOWER than inclusive c14n: Factor between 1.3 and 1.6 I can verify the signature from merlin-iaikTests-two.tar.gz but one reference (the first one fails). This means that I can do reference validation on all things which use exclusive c14n. The first reference uses conventional (inclusive) c14n. I re-created the same signature Merlin did on the four IAIK files. This signature is attached. HMAC, secret key is the six octets from "secret". Regards, Christian
Received on Thursday, 23 May 2002 17:08:31 UTC