- From: Aissi, Selim <selim.aissi@intel.com>
- Date: Mon, 2 Dec 2002 09:22:08 -0800
- To: Bilal Siddiqui <xml4java@yahoo.co.uk>, w3c-ietf-xmldsig@w3.org
Bilal, Listings 5, 7, and 8 cannot be displayed. Thanks. --Selim Selim Aissi Senior Security Architect Intel Research & Development -----Original Message----- From: Siddiqui [mailto:xml4java@yahoo.co.uk] Sent: Monday, December 02, 2002 7:32 AM To: w3c-ietf-xmldsig@w3.org Subject: Re: Comments on "XML Canonicalization" Hi Joseph, Thanks for your comments. They are much appreciated. I had edited the published version of the article within a few days of receipt of your comments. However I didn't notify you and the XML Signature list of the edits in the article. That was a mistake. Please excuse me for the same. The problematic paragraph has been changed from: When a user wants to sign an XML document, there is a two step procedure. First, the user digests the XML file to be signed and produces a digest value. Secondly, the user signs both the XML message and the digest with the user's private key. to read as follows: When a user wants to sign an XML document, there is a two step procedure. First, the user digests the XML file to be signed and produces a digest value. Secondly, the user signs a reference to the XML message and the digest with the user's private key. The change is in the third sentence where the words "both the" have been replaced with the words "a reference to". The article can be viewed at: http://www.xml.com/pub/a/2002/09/18/c14n.html I hope it serves. Bet regards, Bilal ----- Original Message ----- From: "Joseph Reagle" <reagle@w3.org> To: <wap_monster@yahoo.com> Cc: "XML Signature" <w3c-ietf-xmldsig@w3.org> Sent: Friday, September 27, 2002 6:13 AM Subject: Comments on "XML Canonicalization" > Hi Bilal, > > In [1] you state, "When a user wants to sign an XML document, there is a two > step procedure. First, the user digests the XML file to be signed and > produces a digest value. Secondly, the user signs both the XML message > and the digest with the user's private key." > > Actually, the user creates a manifest (i.e., SignedInfo) of references to > the objects being secured and their digest values. This manifest itself > is then digested and cryptographically signed. The first digest captures > the "fingerprint" of the files being secured. The second digest is over > the first set (and retains their import) but also includes security information > (such as the signature algorithm). This value is then bound to a private > key via a cryptographic signature algorithm. > > The two important points here are that: > 1. The two step: digesting the digest values is an easy way to collectively > process a collection of resources. > 2. A cryptographic signature is a computionally expensive procedure that > binds some data with a private key. Applying this procedure to the data > would be expensive and unnecessary. For the purposes of signature, I can > "sign" the data's digest value just as well. > > [1] http://www.xml.com/pub/a/2002/09/18/c14n.html > > > -- > *Note: I will be traveling and attending meetings Oct 2/3 in California; and > Oct 5-15 in Australia. I will not be very responsive during this period; > I will fully respond to any email as soon as possible after my return. > > Joseph Reagle Jr. http://www.w3.org/People/Reagle/ > W3C Policy Analyst mailto:reagle@w3.org > IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ > W3C XML Encryption Chair http://www.w3.org/Encryption/2001/ __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
Received on Monday, 2 December 2002 13:34:18 UTC