Subject: Re: [dss-x] Question regarding our good old DSS test vectors
Hi Juan Carlos,

> If I am right, there are two possibilities for having an XMLSig
> detached from what it signs:
>
> 1. The signed data object is in an external document from where the
> XMLSig is, and I guess that the RefUri should be something like:
> http://www.foo.com/fooDoc.html
>
> 2. The XMLSig is enveloped within a document. The signed data object
> is a subpart of the enveloping document, but is neither enveloping
> nor enveloped by the XMLSig. In this case, however, I would say that
> the request should include the optional input to include the
> signature within the document and make the signature sign a part of
> the document....
>
> In the light of that, I would say that the request is bad...
>

1. I re-read the XMLDSig spec under this special focus. Detached signature is mentioned explicitly; the only sample is the 'easy' case with a referable document somewhere on the internet. But most of our SR-X-DET-* test cases assume a document not referable but somehow well known. This is mentioned in the XMLDSig spec in just one sentence ...

This 'detached and well known' mode makes it difficult to verify the signature. So I would propose to modify the SR-X-DET-* test cases to refer to a public document. Some test cases with an embedded document in different encoding styles would be dropped, but this part is still under test in the SR-X-ENV-* section.

For the same reason I would like to suppress cryptographic verification of detached CMS signatures.

2. I guess this is the same problem as under 1. Refer to an addressable document or drop verification of the test case ...

Greetings,

Andreas