[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
Trevor, > -----Original Message----- > From: Trevor Perrin [mailto:trevp@trevp.net] > Sent: Saturday, March 29, 2003 7:22 PM > To: dss@lists.oasis-open.org > Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded > > > At 05:50 PM 3/29/2003 +0000, Nick Pope wrote: > >Content-Transfer-Encoding: 7bit [...] > That's one reason I think signing the transformed data is better than > signing the transforms themselves. In addition to the fact > that not all > transforms will even *BE* signable, so this method has limited > applicability. Also, XML-DSIG only allows you to specify > transforms that > are applied to the to-be-signed data before the signing. Now you're > proposing a different thing, transforms that are applied to > the was-signed > data after signing. So we'd have to create a new syntax to > support these > post-signature transforms. I agree with Trevor. The syntax of XMLDSIG is to transform data prior to digest and signature calculation, not the other way round. I see no reason for designing a new syntax that supports post-signature transforms. > In any case, this whole discussion has more to do with the > format of an > XML-DSIG, then with a DSS protocol. I hope Gregor will let > us know what he > thinks we should do here, and we can see if/how it would > impact the protocol. I hope the flood of emails I have written in the past hours will clarify some issues ;-) /Gregor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]