[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: T2 Retry with Delivery Receipt
Rich Salz wrote: > > > I have not yet managed to fully comprehend the XMLDSIG spec. There > > isn't, by any chance, a way to use XMLDSIG solely for creating and > > transmitting a message digest, without any digital signature? > > You can mostly get there; the document hash(es) are separate elements > from the signature. So while it won't be an xmldsig doc, it gets 90% > re-use. In order to do a real hash, you have to do XML canonicalization, > which is a pain. And then you also have to consider how you canonicalize > and hash the attachments. > > It ends up being an awful lot of work. Are there any other IETF-spec'd > TCP-based services that do this? SSL/TLS -- so perhaps saying "use ssl > if you're worried about tcp bitrot" is the way to go. > /r$ > -- > Zolera Systems, Securing web services (XML, SOAP, Signatures, > Encryption) > http://www.zolera.com > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> SSL applies another layer of digest hashing and checking. We cannot require its use, but we can strongly recommend it. IPSEC would also provide integrity checking at the network level. Cheers, Chris
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC