[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] DSS Core comments
At 03:37 PM 12/3/2003 -0500, Frederick.Hirsch@nokia.com wrote:
>Trevor
>
>I like this level of detail better since it is less ambiguous on how
>various input choices are processed.
>(For example I thought the base64 text would be the input to the hash
>function, this clarifies that decoding first is intended)
>
>I note you made the change that the <XMLData> element itself is not
>included in the hash value, which I prefer.
>
>Regarding same document reference being a node set, isn't that only
>applicable to verification where a Reference
>of "" is processed, so I don't think this is a problem.
It's also applicable where a client has already applied some transforms,
and then sends the document. For example, the client sends:
<Document>
<XMLData>.....</XMLData>
<ds:Transforms>
<ds:Transform
Algorithm="<http://www.w3.org/TR/1999/REC-xslt-19991116>http://www.w3.org/TR/1999/REC-xslt-<http://www.w3.org/TR/1999/REC-xslt-19991116>19991116">
...
</ds:Transform>
</ds:Transforms>
</Document>
The XSLT transform will produce a node set. Now suppose the server wants
to apply an additional transform that takes a node set. Normally when you
have 2 such transforms back-to-back, the data object will stay as a node set.
But in DSS, the data object will be canonicalized to an octet stream on the
client-side, then re-parsed on the server side.
I don't think that will affect the resultant signature. But I'm not 100% sure.
Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]