
ebxml-msg message



Subject: RE: [ebxml-msg] security problem with ebXML MS



On Wed, 7 Nov 2001, David Fischer wrote:

    I would like to suggest a variation on Suresh's idea.

    What if we add a second Reference in the ds:Signature for 'each'
    payload so that there would be two references to the same cid, for
    each payload.  I looked in the dSig spec and there doesn't seem to
    be any prohibition on this.
    
    The first reference would be to the payload as it has always been
    with whatever canonicalization or transforms are required.  The
    second reference would be to the MIME headers.  Suresh's
    canonicalization of the MIME headers would still be required but we
    wouldn't have to copy the MIME headers into the Manifest (minimal
    change to the spec).  We would still have to define that
    Canonicalization Algorithm that Suresh described.

To make this more explicit I think the "second" reference -- the one
that refers to the headers -- should include something that indicates it
refers to the headers, not the payload.  There is an optional ID and Type
attribute defined.

Can we give one of those a value that would explicitly indicate to which
"data" it was referring?

Jim
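
The two-Reference layout discussed in this message, sketched as an added example that is not part of the original post or of the ebXML MS specification: two `ds:Reference` elements share one `cid:` URI, and the `Type` attribute tells the verifier whether the digest covers the payload or the MIME headers. The `Type` value `urn:example:mime-headers` and the header canonicalization are assumptions made for illustration (the thread defines neither); in a real message the references would sit inside a signed `ds:SignedInfo`.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from email import message_from_bytes

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# Hypothetical Type value; the thread does not define one.
MIME_HEADERS_TYPE = "urn:example:mime-headers"

def canon_headers(part):
    # Assumed canonical form (not Suresh's algorithm, which is not on this page):
    # lowercase names, unfold and collapse whitespace, sort, join with CRLF.
    lines = sorted(f"{k.lower()}:{' '.join(v.split())}" for k, v in part.items())
    return "\r\n".join(lines).encode()

def referenced_data(part, ref_type):
    # Dispatch on Type: it says which "data" behind the cid is digested.
    if ref_type == MIME_HEADERS_TYPE:
        return canon_headers(part)
    return part.get_payload(decode=True)

def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def make_references(part):
    # Build two ds:Reference elements for the same cid: payload, then headers.
    cid = "cid:" + part["Content-ID"].strip("<>")
    refs = []
    for ref_type in (None, MIME_HEADERS_TYPE):
        ref = ET.Element(f"{{{DS}}}Reference", {"URI": cid})
        if ref_type:
            ref.set("Type", ref_type)
        ET.SubElement(ref, f"{{{DS}}}DigestMethod", {"Algorithm": SHA256})
        ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest(referenced_data(part, ref_type))
        refs.append(ref)
    return refs

def check_references(part, refs):
    # Returns [(Type or "payload", digest_matches)] for each Reference.
    return [(r.get("Type") or "payload",
             r.find(f"{{{DS}}}DigestValue").text == digest(referenced_data(part, r.get("Type"))))
            for r in refs]

# Constructed sample MIME part, and a copy with only its Content-Type altered.
SAMPLE = (b"Content-ID: <payload-1>\r\nContent-Type: text/xml; charset=utf-8\r\n"
          b"\r\n<order id='1'/>\r\n")
TAMPERED = SAMPLE.replace(b"text/xml", b"text/html")

refs = make_references(message_from_bytes(SAMPLE))
```

Checking `TAMPERED` against `refs` leaves the payload digest matching while the header reference fails, which is the case a payload-only reference would miss.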


