- From: Mark Nottingham <mark.nottingham@bea.com>
- Date: Thu, 8 May 2003 11:33:31 -0700
- To: "Marc Hadley" <Marc.Hadley@Sun.COM>
- Cc: "Martin Gudgin" <mgudgin@microsoft.com>, <noah_mendelsohn@us.ibm.com>, <xml-dist-app@w3.org>
> > An alternative is to use a signature algorithm that (perhaps > > selectively) operates on the value space of the content, rather > > than the lexical space. > > That's what I meant by "an attachment/xbinc:Include aware C14N > algorithm". Unless I'm mistaken I think your alternative is the second > case I described. > > > This sidesteps the problem by making the attachment mechanism > > transparent, as intended. > > > How does it sidestep the problem? Please explain. Your original question was: > If A uses the latter case, how do C or D determine which instances of > base64 encoded data to decode prior to signature verification ? If you sign the value space, no decision about encoding need to be made, because encoding isn't visible, period. There does need to be visibility of type information (or some other hint, as you discuss), but I *think* we're in agreement that this is a manageable problem. I think an appropriate question is whether it's a problem we (XMLP) need to provide a solution for, as it's rather specific to digital signatures, and therefore might be better considered elsewhere. I do agree that we need to investigate enough to assure that it's solveable, which we appear to be doing. Cheers,
Received on Thursday, 8 May 2003 14:33:46 UTC