[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
As I mentioned yesterday, I think it is best to sign the original and the transform as this means both the human and computer can work from the same raw data. Nick > -----Original Message----- > From: Trevor Perrin [mailto:trevp@trevp.net] > Sent: 25 March 2003 21:27 > To: Nick Pope; dss@lists.oasis-open.org > Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded > > > At 12:42 PM 3/25/2003 -0800, Trevor Perrin wrote: > > >At 12:37 PM 3/25/2003 -0800, Trevor Perrin wrote: > > > >>Right, but then I think you need to sign both the XML *and* the > >>transformed, human-readable form. > > > >For example, an XML-DSIG could have 2 references, both to the same > >document, one of which applies a transform to make it > human-readable, the > >other of which doesn't. > > > >So the transforms (in this and other cases) still might need to > be protected. > > > > Actually, never mind. As long as you've signed the transformed data, the > transforms *don't* need to be protected, cause if the relying party gets > corrupted transforms, the signature won't verify. So isn't this all that > needs to be done?: > > >an XML-DSIG could have 2 references, both to the same document, one of > >which applies a transform to make it human-readable, the other of which > >doesn't. > > Trevor > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]