[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [dss] Schema TP5. ISSUE#1: Already applied transformations by the client
At 02:58 PM 10/6/2003 +0200, Juan Carlos Cruellas wrote: >Somebody could say: "wait a moment!, it is not DOC-0 but DOC-1 the document >that the client sends in the InputDocument!". >Well, even in that case the processing would lead to bad ds:Signature >elements. yeah, I think that would be the case. >Suppose that the client sends DOC-1. In this case, according to the basic >processing of our document: > >1. Computes the hash of DOC-1: HDOC-1. >2. Generates the ds:Reference with the ds:Transforms that the client has >applied to DOC-0 to get DOC-1. >3. ENVELOPES DOC-1 WITHIN A ds:Object of the ds:Signature. AND HERE IT IS >THE PROBLEM FOR THE VERIFICATION. > >In the verification: > >2.1 the dereferencing would get DOC-1. Then the transformations that >the verifier would apply would lead him to a DOC-2 completely different!! >and 2.2 would, of course fail!. Hmm. Right. Could we avoid this by just saying that if you're sending a document for enveloping, you can't apply Transforms to it? Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]