- From: Martin Gudgin <mgudgin@microsoft.com>
- Date: Wed, 11 Jun 2003 10:43:22 -0700
- To: "Rich Salz" <rsalz@datapower.com>, "Tony Graham" <Tony.Graham@Sun.COM>
- Cc: "XMLP Dist App" <xml-dist-app@w3.org>
I think that if I was signing only the content of an element, then it's easy to sign the binary form. In fact, provided both ends know what's going on, it doesn't really matter what the lexical form is. If I sign binary and send base64 serialization and the other end ( after passage through one or more intermediaries ) gets raw binary serialization then things should still work. Where it gets trickier is where I want to sign an element, its attributes AND its content. I don't know whether you can sign the binary data in this case. Rich? Gudge > -----Original Message----- > From: xml-dist-app-request@w3.org > [mailto:xml-dist-app-request@w3.org] On Behalf Of Rich Salz > Sent: 11 June 2003 16:31 > To: Tony Graham > Cc: XMLP Dist App > Subject: Re: New Attachments Issues > > > > be over the included data. Current XML signature > algorithms require > > signing the included data as base64-encoded characters; > the lexical > > form of such characters SHOULD be canonicalized. > > This is wrong. Current XML signature algorithms work > perfectly fine with signing binary data. As it says at the > start of the XML DSIG spec > Signatures can be applied to any digital content > Cf: http://www.w3.org/TR/xmldsig-core/#def-DataObject > > /r$ > > > -- > Rich Salz, Chief Security Architect > DataPower Technology http://www.datapower.com > XS40 XML Security Gateway http://www.datapower.com/products/xs40.html > XML Security Overview > http://www.datapower.com/xmldev/xmlsecurity.html > > >
Received on Wednesday, 11 June 2003 13:43:26 UTC