Aleksey: The principal problem I have with this change is that it is very difficult (at least for me to figure out) to specify the sig:Signature node as part of the xpath specification since it contains a namespace reference. In other words, you proposed using something like, --node-xpath '//Contact/*[6]' Unfortunately, the [6] reference is problematic since the number of elements changes in all my documents. I'd prefer something like, --node-xpath '//Contact/Signature' -or- --node-xpath '//Contact/sig:Signature' but neither of them is legal/understood by XPath. The first one doesn't find Signature and for the second one the NS prefix sig is undefined. If there's a reasonably simple XPath expression that I can append to my XPath to point to the embedded Signature node, then I could live with that. Failing that, it's pretty unusable for dsig as it is in 0.0.13. Additionally, I didn't really think that the previous implementation was badly inconsistent -- for encryption/decryption you pointed to the node to be encrypted/decrypted, for signature you pointed to the node containing the Signature element which *usually* (or at least could be) the node being signed/verified. I can live with it either way that will work. If there's a way to specify the Signature NS as part of the xpath specification then while it's more work I can still use it. If the appl looks for Signature as a member element of the specified node, then I don't have to change what I'm already doing. Give me a clue as to how it can/should be fixed/changed and I'll go take a shot at fixing it and sending you the diff's. Thanks! Ferrell
-----Original Message----- From: Aleksey Sanin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 19, 2003 2:01 PM To: Moultrie, Ferrell (ISSAtlanta) Cc: [EMAIL PROTECTED] Subject: Re: [xmlsec] signing failure with 0.0.13 that work with 0.0.10 Oh, now I remember! Well, the main reason for this is that I would prefer to have the same semantics for the Encryption and Signature. In encryption case, you can use "--node-xpath" to specify the "start" node you want to encrypt. It seems logical to me, that you can use the same option to specify the "start" node you want to sign, verify or decrypt. However, I don't have any strong feeling about that so I can make it work the way you need. Aleksey _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
