santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raul Benito" <r...@apache.org>
Subject Re: Microsoft Office12 Postmark will not verify
Date Wed, 28 Feb 2007 16:28:11 GMT
Any fail of a reference or the Signedinfo is a failure. In the real world it
will means that somebody has tampered the signature to fix a tampered
referenced. Or somebody has just tampered the referenced and has been lazy
to update the signature.
But in the developing world use to means wrong transformations,
unintentional tampering. etc for checking this we have some debugging
methods that can give you more info about what has fail. See the
XMLSignature API and examples of using the methods.

Regards,
p.s. If you have a better way of exposing this info, don't hesitate in tell


On 2/28/07, Scott Cantor <cantor.2@osu.edu> wrote:
>
> > I'll still open a bug to have more information come back froma failed
> > verify than true/false.  XML signatures are way too complex to only have
> > pass/fail.
>
> It's actually true both ways...you need more information even if it passes
> or you have no way to know what's been signed. I do not have a rational
> proposal to offer for that, however.
>
> -- Scott
>
>
>
>


-- 
http://r-bg.com

Mime
View raw message