OASIS Mailing List Archives

 



dss message



Subject: Re: [dss] RE: <DocumentURI>


At 11:59 AM 10/23/2003 -0400, Rich Salz wrote:
>Trevor wrote:
>>There's a security concern, if the client asks the server to sign 
>>something the server has access to, but the client doesn't.
>
>It is a HUGE security issue.  Suppose, for example, the DSS is running on 
>a Unix box and I send it a request for an enveloping signature of 
>"file:///home/root/passwords" or some such?
>
>Suppose I say "here's the URL I want you to sign", but the URL is one of 
>those phony "click here to get off our mailing list" spam things?

I hadn't thought of those.  Hmm.  I guess I lean towards taking this 
out.  Its usefulness is as an optimization, but
  - you can only achieve that optimization when the doc happens to be on 
the web somewhere.  Which doesn't seem common,
  - it only shifts the burden of retrieving the document from client to server,
  - you can achieve the same optimization with client-side hashing,
  - and it's risky.

So I think Rich and myself vote against this, Gregor for it.  I'm not sure 
if anyone else has come down solidly one way or the other?

Trevor 
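
The client-side hashing alternative mentioned in the message above, sketched as an added example that is not part of the original message or of the DSS specification. The field names (`digest_alg`, `digest`, `document_uri`) are hypothetical, and HMAC-SHA256 with a constructed key stands in for the server's real signature algorithm.

```python
import base64
import hashlib
import hmac

# Constructed demo key; HMAC-SHA256 stands in for the server's real signature.
SERVER_KEY = b"constructed-demo-key"
ALLOWED_DIGESTS = {"sha256": 32}  # algorithm name -> digest length in bytes


def client_request(document: bytes) -> dict:
    """Client side: hash locally so only the digest crosses the wire."""
    digest = hashlib.sha256(document).digest()
    return {"digest_alg": "sha256", "digest": base64.b64encode(digest).decode()}


def server_sign(request: dict) -> str:
    """Server side: sign a client-supplied digest and never dereference a URI."""
    if "document_uri" in request:
        # Covers file:/// paths and side-effecting web links alike:
        # the server performs no fetch on the client's behalf.
        raise ValueError("document references are not accepted; send a digest")
    alg = request.get("digest_alg")
    if alg not in ALLOWED_DIGESTS:
        raise ValueError("unsupported digest algorithm")
    try:
        digest = base64.b64decode(request.get("digest", ""), validate=True)
    except (ValueError, TypeError):
        raise ValueError("digest is not valid base64")
    if len(digest) != ALLOWED_DIGESTS[alg]:
        raise ValueError("digest length does not match algorithm")
    # Bind the algorithm name into the signed data so it cannot be swapped later.
    tag = hmac.new(SERVER_KEY, alg.encode() + b":" + digest, hashlib.sha256).digest()
    return base64.b64encode(tag).decode()


def verify(document: bytes, signature: str) -> bool:
    """Relying party: recompute the digest from the document and check the tag."""
    digest = hashlib.sha256(document).digest()
    expected = hmac.new(SERVER_KEY, b"sha256:" + digest, hashlib.sha256).digest()
    return hmac.compare_digest(expected, base64.b64decode(signature))
```

The server only ever touches bytes the client already possessed, so it cannot be made to read or fetch anything on the client's behalf.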


