[xmlsec] Xml embedded signatures

[Alex Boese]

Is there a list of conditions that would be best practices for signed xml nodes embedded in signed xml nodes? I state this because it seems that an inside signature could be easily invalidated by the c14n process on the outer signature.

I'm supposing best practice #1 would be to make sure all namespace prefixing within the internal node is different from the rest of the document, regardless of reuse of the namespace elsewhere.

Is there anything else that comes to mind?

-A

Sent from my Planet