[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Signature Verification Output
Rich, > -----Original Message----- > From: Rich Salz [mailto:rsalz@datapower.com] > Sent: Tuesday, April 01, 2003 2:00 PM > To: Gregor Karlinger > Cc: 'Anthony Nadalin'; dss@lists.oasis-open.org > Subject: RE: [dss] Signature Verification Output > > > > I am sure there are a lot situations where the requestor > wants to know > > what is the information actually signed by the signtature. > > > > What's the worth of a signature if I do not know what the > signature is > > about? > > This seems backwards to me. > > I think it more likely "I got some signed data; is the > signature good" than "I got some signed data; what was signed" I am not sure if you would be happy if I sent you an XML signature with a dsig:Reference containing a - possibly long and complicated - chain of transforms; and your client application tells you: "Well, Gregor sent you a signed message; the signature seems to be valid. However I cannot tell you what the content of the message is about, since I have no means to process the transforms specified in the signature" ... /Gregor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]