This document provides a summary of non-editorial changes in XML Signature 1.1 from the XML Signature Second Edition Recommendation.
In the case of any difference between this document and the XML Signature 1.1 specification [XMLDSIG-CORE1], the XML Signature 1.1 specification is authoritative. This is a non-normative NOTE track document.
This document summarizes non-editorial changes in XML Signature 1.1 from the XML Signature Second Edition Recommendation. A detailed summary of all changes by document section is also available.
For all algorithms added, algorithm identifiers and information were added to the specification.
SHA-1 but allow it for compatibility
SHA-1 use is DISCOURAGED (but support is still REQUIRED).
SHA-1 to state that use is DISCOURAGED (but still REQUIRED).
HMAC-SHA1 to state that use is DISCOURAGED
DSAwithSHA1 is only REQUIRED as Signature algorithm for Signature verification, but is OPTIONAL for Signature generation. Previously it was REQUIRED for both.
HMAC-SHA512 to RECOMMENDED (from OPTIONAL).
DEREncodedKeyValue - new representation for public keys
KeyInfoReference - alternative to
RetrievalMethod access to a
KeyInfo element that does not require use of a
Transform is needed to obtain content of
KeyInfoReference to SHOULD instead of
RetrievalMethod to encourage use of new
KeyInfoReference element instead of
dsig11:OCSPResponse to list of elements that may be included
dsig11:X509Digest to list of elements that may be included, to support reference via base64-encoded digest of a certificate
X509IssuerSerial and possible issue with schema validation when large serial numbers are used.
X509Data in explicitly trusted scenarios.
Reference validation since changes could occur in serialization after
SHA-256 in preference to
URL from DTD DOCTYPE definitions.
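
The SHA-1, HMAC-SHA1 and DSAwithSHA1 status changes listed above can be checked against a deployed signature by reading the Algorithm attributes in its SignedInfo. The following is an added example, not part of the original NOTE or the specification; the function name, the finding format and the sample signature are constructed for illustration, and the algorithm URIs are the standard XML Signature identifiers.

```python
import xml.etree.ElementTree as ET

NS = "http://www.w3.org/2000/09/xmldsig#"      # XML Signature namespace
DS = "{" + NS + "}"

# SHA-1-based identifiers and the status the change list above gives them.
FLAGGED = {
    NS + "sha1": "SHA-1: use DISCOURAGED (support still REQUIRED)",
    NS + "hmac-sha1": "HMAC-SHA1: use DISCOURAGED",
    NS + "dsa-sha1": "DSAwithSHA1: OPTIONAL for signature generation",
}

# Constructed sample: HMAC-SHA1 signature, one SHA-1 and one SHA-256 reference.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
    <Reference URI="#body">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>CONSTRUCTED</DigestValue>
    </Reference>
    <Reference URI="#header">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>CONSTRUCTED</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>CONSTRUCTED</SignatureValue>
</Signature>"""

def audit_signature(xml_text):
    """Return (where, status) for every SHA-1-based algorithm in SignedInfo."""
    # Assumption: input is trusted; parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    findings = []
    for sig in root.iter(DS + "Signature"):        # includes nested signatures
        signed_info = sig.find(DS + "SignedInfo")
        if signed_info is None:
            continue
        method = signed_info.find(DS + "SignatureMethod")
        if method is not None and method.get("Algorithm") in FLAGGED:
            findings.append(("SignatureMethod", FLAGGED[method.get("Algorithm")]))
        for ref in signed_info.findall(DS + "Reference"):
            digest = ref.find(DS + "DigestMethod")
            if digest is not None and digest.get("Algorithm") in FLAGGED:
                where = "Reference " + ref.get("URI", "")
                findings.append((where, FLAGGED[digest.get("Algorithm")]))
    return findings

if __name__ == "__main__":
    for where, status in audit_signature(SAMPLE):
        print(where, "->", status)
```

The audit only reports which identifiers are present; it does not verify the signature or the digests.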