- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Wed, 31 Jan 2001 15:13:24 -0500
- To: "Frederick J. Hirsch" <hirsch@caveosystems.com>
- Cc: <xml-encryption@w3.org>, "Frederick Hirsch" <hirsch@caveosystems.com>

At 13:08 1/22/2001 -0500, Frederick J. Hirsch wrote:
>4. Assume party C receives the document with the encrypted element and the
>signature and wishes to verify the signature. The reference is valid since the
>encrypted element has the "a" Id, so the signature could be over the encrypted
>element or over the unencrypted element. One approach would be to attempt to
>verify the signature with the reference to the encrypted element - this is the
>correct behaviour since this is what the reference refers to. If it fails, the
>verifier could detect that the element was encrypted, decrypt it, and try again.

Hi Fred,

I think this only works when the signature/encryption is of the same granularity, right? What happens if you want to encrypt children of the element signed? You would revert to having to validate the parent element, then try to validate it under all permutations of its children decrypted, I think.

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Wednesday, 31 January 2001 15:13:32 UTC
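
The cost of the "verify, and on failure decrypt and retry" fallback discussed above grows quickly once children of the signed element can be encrypted independently. The sketch below is an added example, not part of the original thread: it substitutes a toy XOR transform and a plain SHA-256 digest for real XML Encryption, canonicalization and XML Signature, and every function name and sample value in it is constructed for illustration.

```python
import hashlib
from itertools import combinations

def toy_encrypt(text, key=0x5A):
    # Stand-in for XML Encryption: reversible XOR, hex-encoded. NOT secure.
    return "ENC:" + bytes(b ^ key for b in text.encode()).hex()

def toy_decrypt(blob, key=0x5A):
    return bytes(b ^ key for b in bytes.fromhex(blob[4:])).decode()

def digest(children):
    # Simplified "canonical form" of the signed parent element with Id "a".
    body = "".join(f"<c>{c}</c>" for c in children)
    return hashlib.sha256(f'<a Id="a">{body}</a>'.encode()).hexdigest()

def verify_by_permutation(received, signed_digest):
    """Try the parent as received, then with every subset of its encrypted
    children decrypted. Returns (decrypted indices, attempts), or
    (None, attempts) if no combination reproduces the signed digest."""
    enc_idx = [i for i, c in enumerate(received) if c.startswith("ENC:")]
    attempts = 0
    for r in range(len(enc_idx) + 1):
        for subset in combinations(enc_idx, r):
            attempts += 1
            candidate = [toy_decrypt(c) if i in subset else c
                         for i, c in enumerate(received)]
            if digest(candidate) == signed_digest:
                return subset, attempts
    return None, attempts  # 2**len(enc_idx) digests computed, no match

# Constructed sample: "memo" was encrypted before signing,
# "card" and "amount" were encrypted after signing.
SIGNED_DIGEST = digest(["name", "card", "amount", toy_encrypt("memo")])
RECEIVED = ["name", toy_encrypt("card"), toy_encrypt("amount"),
            toy_encrypt("memo")]

if __name__ == "__main__":
    print(verify_by_permutation(RECEIVED, SIGNED_DIGEST))
```

With k encrypted children the verifier may compute up to 2^k digests, and a signature that is simply invalid always costs the full 2^k before it can be rejected.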