I am not exactly sure I understand your question, but in general you just need to sign the signatures in the right order: embedded signature first and embedding signature last.

Aleksey

On 2/11/15 8:11 AM, Alex Boese wrote:
> I guess the assumption I'm making is that any alteration of the signed block
> prevents it from being reverted to its previous state. If the lib handling
> the xml is smart enough on verification, it might as well reinsert the
> missing namespaces. I guess that is regular behavior.
> -A
>
> Sent from my iPad
>
>> On Feb 11, 2015, at 10:18 AM, Alex Boese <[email protected]>
>> wrote:
>>
>> Is there a list of conditions that would be best practices for signed xml
>> nodes embedded in signed xml nodes? I state this because it seems that an
>> inside signature could be easily invalidated by the c14n process on the
>> outer signature.
>>
>> I'm supposing best practice #1 would be to make sure all namespace prefixing
>> within the internal node is different from the rest of the document,
>> regardless of reuse of the namespace elsewhere.
>>
>> Is there anything else that comes to mind?
>>
>> -A
>>
>> Sent from my Planet
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
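
The signing order from the reply above, as an added example that is not part of the original thread and is not xmlsec code: a simplified model in which each toy `Signature` element holds an HMAC over the Python standard library's C14N 2.0 form of its parent with that signature removed. The element names, the key and the `Signature` layout are constructed for illustration; real XML-DSig structure and namespace handling are not modelled.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"   # constructed sample key (assumption)
SIG = "Signature"               # toy element, not a real ds:Signature

def _digest(elem):
    """HMAC over the canonical form of elem minus its own Signature child."""
    clone = copy.deepcopy(elem)
    clone.tail = None
    for child in clone.findall(SIG):      # direct children only: nested
        clone.remove(child)               # signatures stay in the signed data
    canon = ET.canonicalize(ET.tostring(clone, encoding="unicode"))
    return hmac.new(KEY, canon.encode(), hashlib.sha256).hexdigest()

def sign(elem):
    for old in elem.findall(SIG):
        elem.remove(old)
    ET.SubElement(elem, SIG).text = _digest(elem)

def verify(elem):
    sig = elem.find(SIG)
    return sig is not None and hmac.compare_digest(sig.text or "", _digest(elem))

def build():
    # Constructed sample document: Inner is the embedded signed node.
    return ET.fromstring(
        "<Outer><Inner><Data>payload</Data></Inner><Note>n</Note></Outer>")

def sign_in_order(order):
    """Sign 'inner' and 'outer' in the given order; return (inner_ok, outer_ok)."""
    outer = build()
    inner = outer.find("Inner")
    for name in order:
        sign(inner if name == "inner" else outer)
    return verify(inner), verify(outer)

def tamper_after_signing():
    """Change the embedded data after both signatures exist."""
    outer = build()
    inner = outer.find("Inner")
    sign(inner)
    sign(outer)
    inner.find("Data").text = "changed"
    return verify(inner), verify(outer)

if __name__ == "__main__":
    print("inner then outer:", sign_in_order(("inner", "outer")))
    print("outer then inner:", sign_in_order(("outer", "inner")))
    print("tampered inner:  ", tamper_after_signing())
```

Signing the outer node last leaves both signatures valid, because the outer digest already covers the inner signature; signing the inner node afterwards inserts new content into what the outer signature covers and invalidates it.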
