Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded


At 06:40 PM 3/29/2003 -0500, Rich Salz wrote:


> > Trevor wrote:
> > [...] Would a "sign the transforms, but not the transformed output"
> > approach be similarly simple? [...]
>
>It couldn't be simpler:  SHA1 hash of the C14N of the two xml documents:
>     <Reference URI="http://www.example.com/source/foo.xml">
>        <Transforms>
>          <Transform Algorithm="http://w3c.org/2001/dsig/transform#c14n"/>
>        </Transforms>
>        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>        <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
>     </Reference>
>     <Reference URI="http://www.example.com/xform/foo.xslt">
>        <Transforms>
>          <Transform Algorithm="http://w3c.org/2001/dsig/transform#c14n"/>
>        </Transforms>
>        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>        <DigestValue>Q52xy4a9289mvDl1up4sbEVU89x=</DigestValue>
>     </Reference>

That's just a signature on 2 documents, one of which happens to be a 
transform.  How would a recipient of the signature know that the signer's 
intent is to commit to the results of treating the second document as a 
transform and applying it to the first document?  Suppose there were 
multiple documents, and multiple transforms, and some of the documents were 
transformed multiple times?  How would the signer communicate which 
transform(s) go with which documents, in which order?  What I was 
suggesting makes this clear; it just doesn't work well in the case where 
different engines applying the same transforms might produce different 
outputs, and canonicalization algorithms don't exist.

At the end of the day, I don't think it's in our charter to solve this 
problem (of signing both data and a user's view of the data); we just need 
to ensure it's *solvable* within the DSS protocol.  Would it be possible to 
flesh out your proposal, and determine what requirements (if any) it adds 
to the protocol?

Trevor 
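The ambiguity Trevor raises can be made concrete in a small model. The following is an added example written for this archive page; it is not code from the thread, from Rich Salz or Trevor, or from the DSS work. It models two ways of building SignedInfo references: one independent Reference per object (the quoted sketch), and a reference whose digest commits to the canonical source plus the ordered list of transforms the signer intends, without covering the transformed output (Trevor's suggestion). The document contents, URIs, stylesheet bodies and the toy canonicalization routine are all constructed for illustration, and SHA-256 stands in for the SHA-1 shown in the sketch.

```python
"""Added example (not from the thread): does the signed data record which
stylesheet the signer meant to apply to which document, and in what order?
All inputs below are constructed; toy_c14n is a stand-in for real C14N."""
import base64
import hashlib
import re

# Constructed sample objects: two source documents and two stylesheets.
DOC_INVOICE = b"<invoice>\n  <amount>100</amount>\n</invoice>"
DOC_ORDER = b"<order>\n  <item>widget</item>\n</order>"
SHEET_PRINT = b"<xsl:stylesheet version='1.0'><!-- print view --></xsl:stylesheet>"
SHEET_SUMMARY = b"<xsl:stylesheet version='1.0'><!-- summary view --></xsl:stylesheet>"
STYLESHEETS = {"print.xslt": SHEET_PRINT, "summary.xslt": SHEET_SUMMARY}

# Two different signer intents over the same four objects (constructed):
# (doc_uri, doc_bytes, sheet_uri, sheet_bytes) per intended pairing.
INTENT_A = [("invoice.xml", DOC_INVOICE, "print.xslt", SHEET_PRINT),
            ("order.xml", DOC_ORDER, "summary.xslt", SHEET_SUMMARY)]
INTENT_B = [("invoice.xml", DOC_INVOICE, "summary.xslt", SHEET_SUMMARY),
            ("order.xml", DOC_ORDER, "print.xslt", SHEET_PRINT)]


def toy_c14n(data):
    """Stand-in for XML canonicalization: strip whitespace between tags only.
    Real C14N (http://www.w3.org/TR/2001/REC-xml-c14n-20010315) does far more."""
    return re.sub(rb">\s+<", b"><", data.strip())


def b64_digest(data):
    """Base64 SHA-256 of the bytes, in the style of a <DigestValue>."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def independent_reference(uri, data):
    """One <Reference> per object, as in the quoted sketch: a stylesheet is
    digested like any other document, with no link to what it applies to."""
    return {"URI": uri, "Transforms": [], "DigestValue": b64_digest(toy_c14n(data))}


def independent_signed_info(pairings):
    """Build SignedInfo from the sketch's model. The pairing the signer had in
    mind is an input here only to show that it leaves no trace in the output."""
    refs = {}
    for doc_uri, doc, sheet_uri, sheet in pairings:
        refs[doc_uri] = independent_reference(doc_uri, doc)
        refs[sheet_uri] = independent_reference(sheet_uri, sheet)
    return [refs[k] for k in sorted(refs)]


def bound_reference(uri, data, chain):
    """Trevor's alternative: commit to the canonical source and to the ordered
    transform chain (URI and digest of each transform), but not to the output.
    Because the transformed output is never hashed, differences between XSLT
    engines do not affect verification; pairing and order do."""
    h = hashlib.sha256(toy_c14n(data))
    for t_uri, t_data in chain:
        h.update(t_uri.encode("utf-8") + b"\0")
        h.update(b64_digest(toy_c14n(t_data)).encode("ascii") + b"\0")
    return {"URI": uri, "Transforms": [t_uri for t_uri, _ in chain],
            "DigestValue": base64.b64encode(h.digest()).decode("ascii")}


def bound_signed_info(pairings):
    """One bound reference per document, each naming its own stylesheet."""
    return [bound_reference(d_uri, d, [(s_uri, s)]) for d_uri, d, s_uri, s in pairings]


def verify_bound_reference(ref, data, resolve):
    """Verifier side: fetch each named transform, recompute, compare digests."""
    chain = [(t_uri, resolve(t_uri)) for t_uri in ref["Transforms"]]
    return bound_reference(ref["URI"], data, chain)["DigestValue"] == ref["DigestValue"]


if __name__ == "__main__":
    same = independent_signed_info(INTENT_A) == independent_signed_info(INTENT_B)
    print("independent references identical for both intents:", same)
    print("bound references identical for both intents:",
          bound_signed_info(INTENT_A) == bound_signed_info(INTENT_B))
```

With independent references the two intents sign byte-identical SignedInfo, so a recipient cannot tell which stylesheet was meant for which document; with the bound form, swapping the pairing or reordering a chain changes the digest, and a reindented source still verifies because only the canonical form is hashed. What the model does not solve is Trevor's caveat: the recipient is assured of the signer's intended chain, not of what any particular engine will render from it.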
