Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
Trevor,

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: Tuesday, March 25, 2003 10:27 PM
> To: Nick Pope; dss@lists.oasis-open.org
> Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
>
>
> At 12:42 PM 3/25/2003 -0800, Trevor Perrin wrote:
>
> >At 12:37 PM 3/25/2003 -0800, Trevor Perrin wrote:
> >
> >>Right, but then I think you need to sign both the XML *and* the
> >>transformed, human-readable form.
> >
> >For example, an XML-DSIG could have 2 references, both to the same
> >document, one of which applies a transform to make it human-readable, the
> >other of which doesn't.
> >
> >So the transforms (in this and other cases) still might need to be
> >protected.
>
>
> Actually, never mind.  As long as you've signed the transformed data, the
> transforms *don't* need to be protected, cause if the relying party gets
> corrupted transforms, the signature won't verify.  So isn't this all that
> needs to be done?:

This is not the threat model in my use case, rather the following:

The relying party wants the signing party to sign a piece of XML; in
order to let the signing party view the to-be-signed data in his
client software, the relying party specifies a set of transforms to be
applied to the XML; the result of applying the transforms should
then be signed by the signing party.

But the signing party uses different transforms for changing the XML
into the viewing format and then signs the transforms result (which is
not the data intended by the relying party).

The relying party gets the signature and verifies it. Since the signature
can be verified successfully, the relying party thinks that everything
has happened in the intended way and proceeds with processing the XML ...

/Gregor

> >an XML-DSIG could have 2 references, both to the same document, one of
> >which applies a transform to make it human-readable, the other of which
> >doesn't.
>
> Trevor
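
The relying-party check that Gregor's use case calls for, as an added example that is not part of the original thread: once the signature has verified (not shown here), confirm that a ds:Reference inside the signed ds:SignedInfo carries exactly the transform chain that was requested. Element names and the XSLT algorithm URI are from XML-DSIG; the function names, the trimmed SignedInfo fragment and the sample stylesheets are constructed for illustration, and the structural comparison is a simplification that stands in for comparing canonicalized transforms.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XSLT = "http://www.w3.org/TR/1999/REC-xslt-19991116"
XSL_NS = "http://www.w3.org/1999/XSL/Transform"

def fingerprint(transform):
    """Prefix-independent summary of one ds:Transform and its parameters."""
    return tuple((e.tag, tuple(sorted(e.attrib.items())), (e.text or "").strip())
                 for e in transform.iter())

def chain(transforms_elem):
    """Ordered fingerprints of the ds:Transform children ([] if none)."""
    if transforms_elem is None:
        return []
    return [fingerprint(t) for t in transforms_elem.findall(f"{{{DS}}}Transform")]

def signed_with_requested_transforms(signed_info_xml, uri, requested_transforms_xml):
    """True if some ds:Reference to `uri` lists exactly the requested chain, in order."""
    wanted = chain(ET.fromstring(requested_transforms_xml))
    for ref in ET.fromstring(signed_info_xml).iter(f"{{{DS}}}Reference"):
        if ref.get("URI") == uri and chain(ref.find(f"{{{DS}}}Transforms")) == wanted:
            return True
    return False

# Constructed sample data (hypothetical, not from the thread).
def transforms(select):
    """A ds:Transforms holding one XSLT transform that displays `select`."""
    return (f'<ds:Transforms xmlns:ds="{DS}"><ds:Transform Algorithm="{XSLT}">'
            f'<xsl:stylesheet xmlns:xsl="{XSL_NS}" version="1.0">'
            f'<xsl:template match="/"><xsl:value-of select="{select}"/>'
            f'</xsl:template></xsl:stylesheet></ds:Transform></ds:Transforms>')

def signed_info(transforms_xml):
    """SignedInfo trimmed to the parts this check reads (digest elements omitted)."""
    return (f'<ds:SignedInfo xmlns:ds="{DS}"><ds:Reference URI="#order">'
            f'{transforms_xml}</ds:Reference></ds:SignedInfo>')

REQUESTED = transforms("/order/amount")    # what the relying party asked for
SUBSTITUTED = transforms("/order/note")    # what the signer applied instead

if __name__ == "__main__":
    for label, t in (("requested", REQUESTED), ("substituted", SUBSTITUTED)):
        ok = signed_with_requested_transforms(signed_info(t), "#order", REQUESTED)
        print(label, "->", "accept" if ok else "reject")
```

Both sample signatures could verify cryptographically; only the comparison against the requested chain separates them. When the SignedInfo comes from an untrusted party, parse it with a hardened parser such as defusedxml rather than plain ElementTree.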