- From: Joseph Reagle <reagle@w3.org>
- Date: Mon, 28 Jan 2002 11:57:11 -0500
- To: "Karl Scheibelhofer" <Karl.Scheibelhofer@iaik.at>, "'John Boyer'" <JBoyer@PureEdge.com>, "'merlin'" <merlin@baltimore.ie>
- Cc: <w3c-ietf-xmldsig@w3.org>
On Monday 28 January 2002 11:11, Karl Scheibelhofer wrote: > an acceptable performance. the signature creation/verification took > several seconds for an XML signature with three references using a XPath > filter; one for the signed content, one for the key info and one for > signed properties. Karl, thanks for this info. I have a few questions. 1. With your present implementation when you sign these three things, do you then create 3 references each with an XPointer to the subtree? 2. It's clear we can get very good performance for subtree selection. Have any of your scenario' required omission filters? If so, how would you think they be best addressed in the future (e.g., 1.1) A. Presently we say be careful with XPointers in URIs because of implementation issues: XPointer is not widely implemented, not yet REC, and we don't quite trust consistent application interpretations of fragment identifiers. Should we relax the discouragement of XPointer? (I'd be concerned about its lack of wide-spread implementation and status, but is the fragment interpretation not a problem in your experience?) B. Specify a new XPath transform that is at least very fast for subtree selection and hopefully faster for omission filters -- I'm not sure how to do the latter yet. 3. Since the enveloped signature transform is specified via an XPath expression (though it is not required to be the means of implementing it) how do you implement that and how is its performance? -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Monday, 28 January 2002 11:57:26 UTC