[rfc-i] digital signatures in documents

Joe Hildebrand (jhildebr) jhildebr at cisco.com
Mon Oct 1 00:07:27 PDT 2012


On 9/30/12 9:54 AM, "Paul Hoffman" <paul.hoffman at vpnc.org> wrote:

>Detached signatures have none of the failings of the proposed internal
>signatures: having to rely on a current broken spec or having to invent a
>new one, adding cruft that might be exposed to the 99.999% of readers who
>don't care, encouraging software that might show "failures" for things
>like changing line-ending characters, etc. Detached signatures allow the
>teeny number of people who might care about bit-level integrity to check
>it easily, and we already have working tools that can be used for them.

+1.  XMLDsig is to be avoided at all costs.  The only thing worse would be
to try to rewrite XMLDsig over from scratch so that mortals could
implement it.

-- 
Joe Hildebrand





More information about the rfc-interest mailing list