- From: Frederick Hirsch <w3c@fjhirsch.com>
- Date: Wed, 27 Aug 2014 09:17:33 -0400
- To: "public-xmlsec@w3.org List Public" <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <w3c@fjhirsch.com>
Here is the original message sent to public-xmlsec-comment, for the record

http://lists.w3.org/Archives/Public/public-xmlsec-comments/2014Jul/0000.html

> From: helpcrypto helpcrypto <helpcrypto@gmail.com>
> Date: Tue, 29 Jul 2014 09:30:01 +0200
> Message-ID: <CAHMQSgsoLcL4LsaAwVctu5WAuzc7ps_CsBOv8Hgi=V_pZ2tJrw@mail.gmail.com>
> To: public-xmlsec-comments@w3.org

Hi.

Although XMLDSig [1] is quite old, stable and well-known, I haven't been able to understand (maybe a translation/misunderstanding issue) the detached signatures properly.

According to [2]:

"*The signature is over content external to the Signature element, and can be identified via a URI or transform. Consequently, the signature is "detached" from the content it signs.*"

Ok. Detached elements...

"*This definition typically applies to separate data objects, but it also includes the instance where the Signature and data object reside within the same XML document but are sibling elements.*"

Ok. Signature and object in the same XML doc and siblings.

As stated in [3] (It seems the standard doesn't distinguish between internal/external) "the signature and data can be in separate files or in the same XML file as sibling elements"

Shall I understand the "internally detached" *unique valid signature* is where signature and data are brothers (or sisters) [have the same parent]?

*Is the following example a valid detached signature?*

    <root>
      <my-data>
        <node Id="n"></node>
      </my-data>
      <my-sign>
        <signature ref="n"></signature>
      </my-sign>
    </root>

Thanks a lot for your help

Regards

[1] http://www.w3.org/TR/xmldsig-core/
[2] http://www.w3.org/TR/xmldsig-core/#def-SignatureDetached
[3] http://msdn.microsoft.com/en-us/library/ms759193%28v=vs.85%29.aspx

regards, Frederick

Frederick Hirsch, Nokia
Chair DAP
@fjhirsch
Received on Wednesday, 27 August 2014 13:18:05 UTC
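
Added example, not part of the original message or of the XMLDSig specification: a Python check that classifies each `ds:Reference` by where its target sits relative to the `Signature` element, using the enveloped/enveloping/detached definitions the message quotes. The sample document, the treatment of `Id` as the ID-typed attribute, and the labelling of same-document targets that are not siblings as detached are assumptions of this example; XPointer-style URIs are reported as unresolved.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample: the question's layout using real XMLDSig element names.
SAMPLE = f"""<root>
  <my-data><node Id="n">payload</node></my-data>
  <my-sign>
    <ds:Signature xmlns:ds="{DS}">
      <ds:SignedInfo>
        <ds:Reference URI="#n"/>
        <ds:Reference URI="#obj"/>
        <ds:Reference URI=""/>
        <ds:Reference URI="http://example.org/data.bin"/>
      </ds:SignedInfo>
      <ds:Object Id="obj">inline</ds:Object>
    </ds:Signature>
  </my-sign>
</root>"""

def contains(parent, outer, inner):  # True if inner is outer or a descendant of it
    while inner is not None and inner is not outer:
        inner = parent.get(inner)
    return inner is outer

def classify_references(xml_text):
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    by_id = {}
    for el in root.iter():  # assumption: "Id" is the ID-typed attribute
        if "Id" in el.attrib and by_id.setdefault(el.get("Id"), el) is not el:
            raise ValueError("duplicate Id makes the reference ambiguous")
    out = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        for ref in sig.iter(f"{{{DS}}}Reference"):
            uri = ref.get("URI")
            if uri is None or (uri and not uri.startswith("#")):
                kind = "detached (external)" if uri else "application-defined"
            else:
                target = root if uri == "" else by_id.get(uri[1:])
                if target is None:
                    kind = "unresolved"
                elif contains(parent, target, sig):   # target contains the Signature
                    kind = "enveloped"
                elif contains(parent, sig, target):   # target is inside the Signature
                    kind = "enveloping"
                else:  # assumption: any other same-document target is detached
                    sib = parent.get(target) is parent.get(sig)
                    kind = "detached (siblings)" if sib else "detached (not siblings)"
            out.append((uri, kind))
    return out
```

In the constructed sample the `#n` target and the `Signature` have different parents, which is the layout the question asks about, so the function reports it separately from the sibling case named in the definition.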