- From: Amir Herzberg <AMIR@newgenpay.com>
- Date: Mon, 19 Nov 2001 12:37:15 +0200
- To: <reagle@w3.org>, <imamu@jp.ibm.com>, <maruyama@jp.ibm.com>
- Cc: <xml-encryption@w3.org>
I agree - I didn't think of the simple solution below - sorry! I think it may be useful to include a few words on this in the security consideration section. Amir > > However, there is another solution: do not _sign_ the > encrypted data in > > the first place. Namely, the transform could have a third operation > > which completely removes encrypted-then-signed elements, > > This is possible and achievable within the framework of > xmldsig itself. One > could write an XPath expression that removed the encrypted > portions one > does not want to sign.
Received on Monday, 19 November 2001 05:37:35 UTC