OASIS Mailing List Archives



Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded


Trevor,

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net] 
> Sent: Tuesday, March 25, 2003 10:27 PM
> To: Nick Pope; dss@lists.oasis-open.org
> Subject: RE: [dss] Groups - dss-requirements-1.0-draft-02.doc uploaded
> 
> 
> At 12:42 PM 3/25/2003 -0800, Trevor Perrin wrote:
> 
> >At 12:37 PM 3/25/2003 -0800, Trevor Perrin wrote:
> >
> >>Right, but then I think you need to sign both the XML *and* the
> >>transformed, human-readable form.
> >
> >For example, an XML-DSIG could have 2 references, both to the same
> >document, one of which applies a transform to make it human-readable, the
> >other of which doesn't.
> >
> >So the transforms (in this and other cases) still might need to be 
> >protected.
> 
> 
> 
> Actually, never mind.  As long as you've signed the transformed data, the
> transforms *don't* need to be protected, cause if the relying party gets
> corrupted transforms, the signature won't verify.  So isn't this all that
> needs to be done?:

This is not the threat model in my use case, rather the following:

The relying party wants the signing party to sign a piece of XML;
in order to let the signing party view the to-be-signed data in
his client software, the relying party specifies a set of transforms
to be applied to the XML; the result of applying the
transforms should then be signed by the signing party.

But the signing party uses different transforms for changing the
XML into the viewing format and then signs the transforms result
(which is not the data intended by the relying party).

The relying party gets the signature and verifies it. Since the
signature can be verified successfully, the relying party thinks
that everything has happened in the intended way and proceeds 
with processing the XML ...

/Gregor

> 
> >an XML-DSIG could have 2 references, both to the same document, one of
> >which applies a transform to make it human-readable, the other of which
> >doesn't.
> 
> Trevor 
> 
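
Added example, not part of the original messages: one check a relying party could run in the scenario described above, comparing the transform chain in each ds:Reference of the returned signature with the chain it requested, in addition to the cryptographic verification (assumed to be done separately). The sample SignedInfo documents, the `#order` URI, the stylesheet contents and the function names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def signed_info(select):
    # Constructed sample: one Reference with exclusive c14n, then an XSLT transform.
    return f"""<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
 <Reference URI="#order"><Transforms>
  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
   <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:template match="/"><xsl:value-of select="{select}"/></xsl:template>
   </xsl:stylesheet>
  </Transform>
 </Transforms></Reference>
</SignedInfo>"""

REQUESTED = signed_info("/order/amount")   # what the relying party asked for
RETURNED = signed_info("/order/note")      # same Algorithm URIs, different stylesheet

def transform_fingerprints(reference):
    """List (Algorithm URI, SHA-256 of the canonicalized Transform) for one ds:Reference."""
    prints = []
    for t in reference.findall(f"{DS}Transforms/{DS}Transform"):
        # Hash the whole element: an XSLT transform carries its stylesheet as
        # child content, so comparing the Algorithm attribute alone is not enough.
        canon = ET.canonicalize(ET.tostring(t, encoding="unicode"), strip_text=True)
        prints.append((t.get("Algorithm"), hashlib.sha256(canon.encode()).hexdigest()))
    return prints

def check_transforms(returned_xml, requested_xml):
    """Return a list of differences between returned and requested References."""
    got = ET.fromstring(returned_xml).findall(f".//{DS}Reference")
    want = ET.fromstring(requested_xml).findall(f".//{DS}Reference")
    if len(got) != len(want):
        return [f"expected {len(want)} references, got {len(got)}"]
    problems = []
    for i, (g, w) in enumerate(zip(got, want)):
        if g.get("URI") != w.get("URI"):
            problems.append(f"reference {i}: URI {g.get('URI')!r} was not requested")
        if transform_fingerprints(g) != transform_fingerprints(w):
            problems.append(f"reference {i}: transform chain differs from the requested one")
    return problems

if __name__ == "__main__":
    print(check_transforms(REQUESTED, REQUESTED))
    print(check_transforms(RETURNED, REQUESTED))
```

A signature over `RETURNED` can verify correctly and still fail this check, which is the case the reply describes.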
