Re: digest requirement

On Monday 24 September 2001 06:32, Amir Herzberg wrote:
> No, simply for the reference you've put in the manifest to be valid,
> e.g.:
> <Reference URI="foo.xml#b">
>
> Without putting the `id="b"` in the EncryptedData I think this reference
> won't identify this element.

But you aren't signing the encrypted data, but it's decrypted form. So 
having it have the same ID might be nice, but I don't think it's required 
(from a philosophical point of view.) It might help you stage your 
processing, but those things will have to be decrypted first anyway, but 
the Decryption Transform.

For this I still think that we
> must either use DigestValue in the EncryptedData, and a transform to
> sign only the DigestValue, or a transform to remove the entire
> EncryptedData and sign it only via Manifest as you suggested.

Ok, I'll put the question to the list.

Received on Wednesday, 26 September 2001 19:09:49 UTC