- From: Don Davis <dtd@world.std.com>
- Date: Tue, 29 Aug 2000 19:55:34 -0500
- To: Ed Simon <ed.simon@entrust.com>
- Cc: xml-encryption@w3.org

> Just had a thought as to how one can get the same
> effect of sign/wrap/sign without actually having
> to sign twice. ... Rather than signing twice,
> two digests [for plaintext and for ciphertext with
> names, respectively] are covered by one signature.

mr. simon, i believe it works. i can't be sure, because i'm uncertain about the xml-sig syntax. but the idea of signing both digests at once is very nice, and i wish i had thought of it years ago. in fact, i suggest that you should publish it.

> if this is an XML Signature security issue, then
> it needs to be discussed on the XML Signature list.

but this isn't an xml-sig security issue at all; it's a problem that arises only when xml-encryption is combined with xml-sig. since the xml-enc standard will follow the xml-sig standard, it makes sense to address the issue in the xml-enc draft. indeed, the xml-sig draft _cannot_ discuss how signatures should interact with encryption, since xml-sig can't refer to a non-existent xml-enc draft.

- don davis, boston
-
Received on Tuesday, 29 August 2000 19:56:56 UTC
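
The one-signature, two-digest idea discussed in the message above, as an added example that is not code from either correspondent and is not XML Signature syntax. It assumes Ed25519 for the signature, AES-256-GCM under a per-recipient key in place of key transport, and hypothetical function and party names; it shows a receiver rejecting a re-encrypted copy that carries the original signature.

```javascript
// Added illustration: Ed25519, AES-256-GCM and every name here are assumptions.
const crypto = require('crypto');

// Hash length-prefixed parts so ("ab","c") and ("a","bc") digest differently.
function digest(...parts) {
  const h = crypto.createHash('sha256');
  for (const p of parts) {
    const b = Buffer.from(p), len = Buffer.alloc(4);
    len.writeUInt32BE(b.length);
    h.update(len).update(b);
  }
  return h.digest();
}
// The two digests covered by the single signature: plaintext, and ciphertext with names.
const signedInfo = (plaintext, ciphertext, sender, recipient) =>
  Buffer.concat([digest(plaintext), digest(ciphertext, sender, recipient)]);

function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]); // iv | tag | body
}
function decrypt(key, ct) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, ct.subarray(0, 12));
  d.setAuthTag(ct.subarray(12, 28));
  return Buffer.concat([d.update(ct.subarray(28)), d.final()]);
}
function send(signKey, recipientKey, sender, recipient, text) {
  const ciphertext = encrypt(recipientKey, Buffer.from(text));
  const signature = crypto.sign(null, signedInfo(text, ciphertext, sender, recipient), signKey);
  return { sender, recipient, ciphertext, signature };
}
// The receiver recomputes both digests, binding the ciphertext digest to its own name.
function receive(verifyKey, recipientKey, me, msg) {
  const plaintext = decrypt(recipientKey, msg.ciphertext);
  const info = signedInfo(plaintext, msg.ciphertext, msg.sender, me);
  return crypto.verify(null, info, verifyKey, msg.signature) ? plaintext.toString() : null;
}
// Constructed scenario: bob re-encrypts alice's message for carol, reusing her signature.
function demo() {
  const alice = crypto.generateKeyPairSync('ed25519');
  const bobKey = crypto.randomBytes(32), carolKey = crypto.randomBytes(32);
  const msg = send(alice.privateKey, bobKey, 'alice', 'bob', 'wire $100');
  const atBob = receive(alice.publicKey, bobKey, 'bob', msg);
  const fwd = { ...msg, recipient: 'carol', ciphertext: encrypt(carolKey, Buffer.from(atBob)) };
  return { atBob, atCarol: receive(alice.publicKey, carolKey, 'carol', fwd) };
}
```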