Nick,
For an enveloping signature - moving the namespace to the root should be
fine, as the namespace is extant over the entire sub-tree that is being
signed. However if you have an enveloped signature, you might run into
problems, depending on the type of canonicalisation you use. If it is
s
> Larry,
>
> I understand what you're saying but canonicalisation
> and subsequent validation only happens on the
> Signature block. By moving the namespace declaration
> to the root element I have effectively removed the
> namespace from being part of the canonicalised
> representation. This would
Larry,
I understand what you're saying but canonicalisation
and subsequent validation only happens on the
Signature block. By moving the namespace declaration
to the root element I have effectively removed the
namespace from being part of the canonicalised
representation. This would therefore inva
Nick:
Unless I am missing something in your example, what you are describing is
the very motivation behind the need for canonicalization of xml for digital
signatures.
By specifying the exact canonicalization method used at the time of signing,
at the point of verification the exact xml can be re
