[rfc-i] digital signatures in documents

Joe Hildebrand (jhildebr) jhildebr at cisco.com
Mon Oct 1 00:07:27 PDT 2012

On 9/30/12 9:54 AM, "Paul Hoffman" <paul.hoffman at vpnc.org> wrote:

>Detached signatures have none of the failings of the proposed internal
>signatures: having to rely on a current broken spec or having to invent a
>new one, adding cruft that might be exposed to the 99.999% of readers who
>don't care, encouraging software that might show "failures" for things
>like changing line-ending characters, etc. Detached signatures allow the
>teeny number of people who might care about bit-level integrity to check
>it easily, and we already have working tools that can be used for them.

+1.  XMLDsig is to be avoided at all costs.  The only thing worse would be
to try to rewrite XMLDsig over from scratch so that mortals could
implement it.

Joe Hildebrand

More information about the rfc-interest mailing list