- From: Marc Hadley <Marc.Hadley@Sun.COM>
- Date: Thu, 08 May 2003 14:48:16 -0400
- To: Mark Nottingham <mark.nottingham@bea.com>
- Cc: Martin Gudgin <mgudgin@microsoft.com>, noah_mendelsohn@us.ibm.com, xml-dist-app@w3.org
On Thursday, May 8, 2003, at 14:33 US/Eastern, Mark Nottingham wrote: >> How does it sidestep the problem? Please explain. > > Your original question was: > >> If A uses the latter case, how do C or D determine which instances of >> base64 encoded data to decode prior to signature verification ? > > If you sign the value space, no decision about encoding need to be > made, > because encoding isn't visible, period. There does need to be > visibility > of type information (or some other hint, as you discuss), but I *think* > we're in agreement that this is a manageable problem. A requirement for visibility of type information is a serious issue IMO. Hence my suggestion for a simple indicator of which contents are inlined binary data. Also note that messages are transmitted in lexical space so verifying a sig would require base64 decoding. > I think an appropriate question is whether it's a problem we (XMLP) > need > to provide a solution for, as it's rather specific to digital > signatures, > and therefore might be better considered elsewhere. I think its important that we consider how any new proposal fits with existing practice and available technologies. > I do agree that we > need to investigate enough to assure that it's solveable, which we > appear > to be doing. > Indeed. Marc. -- Marc Hadley <marc.hadley@sun.com> Web Technologies and Standards, Sun Microsystems.
Received on Thursday, 8 May 2003 14:48:24 UTC