

Subject: Re: [xri] Secure XRD Proposals


Now I can see the reasoning more clearly.

If we allow both detached and inline signature, we need a wrapper.
SXRD is just that.

Now that I see the rationale, I would go farther to something like

 <SDSIG>
   <Signature>...signature over the decoded text of base64 encoded data ...</Signature>
   <KeyInfo>... certificate used for signature ...</KeyInfo>
   <Data type="http://oasis-open.org/specs/xri/xrd-1.0">... base64-encoded Data ...</Data>
 </SDSIG>

We do not need raw XRD there. The above is pretty generic and can be used almost for anything...
Note the SDSIG/DATA/@type. This is the meta information on what the Data is. In our particular case, it is going to be XRD.

=nat

Peter Davis wrote:
Out of curiosity, what was the motivation for the introduction of the
SXRD element for the signature in proposal 1?

=peterd

On Dec 17, 2008, at 8:54 PM, n-sakimura@nri.co.jp wrote:

  
Hi

I have created a page:

http://wiki.oasis-open.org/xri/XrdOne/SecureXrd

It is the result of some private message exchange among me, Brian
and John.

If we were to forget about the backward compatibility to XRDS2.0, I
personally like 1.2 SAML POST Simple Sign Binding style.

Otherwise, I like 1.3 Backward Compatible XRD.

Related, but separate topic besides the format is whether to include
SigAlg in a signed material. XML Sig calls for SigAlg to be included
in the signed material citing weak algorithm attack. Then, there is
an argument that while theoretically interesting, the real risk is
very small.

Please discuss this as well.

Actually, if we take 1.2 SAML Simple Sign Style, we can get SigAlg
outside of XRD and still sign it, so it is quite nice.
    

Peter Davis: NeuStar, Inc.
Director & Distinguished Member of the Technical Staff
45980 Center Oak Plaza Sterling, VA 20166
[T] +1 571 434 5516 [E] peter.davis@neustar.biz [W] http://www.neustar.biz/
  [X] xri://@neustar*pdavis [X] xri://=peterd
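
An added example, not from the thread or the XRI proposals: the SDSIG wrapper discussed above, with the signature computed over the decoded Data bytes and with SigAlg and Data/@type covered by the signature. Assumptions: HMAC stands in for the certificate-based signature (so KeyInfo is omitted), and the `SigAlg` attribute, the signed-octet layout, the key and the sample XRD are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

XRD_TYPE = "http://oasis-open.org/specs/xri/xrd-1.0"
SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
# Assumption: HMAC replaces the public-key signature so the example runs offline.
ALGS = {SHA256: hashlib.sha256, SHA1: hashlib.sha1}
ALLOWED = {SHA256}                      # verifier policy, not taken from the envelope
KEY = b"constructed-demo-key"           # constructed sample key
XRD = b"<XRD><Expires>2009-01-01T00:00:00Z</Expires></XRD>"  # constructed sample

def signed_octets(data_type, raw, sig_alg):
    # Hypothetical layout: length-prefixed fields, so the type, the decoded
    # payload and SigAlg are all signed and cannot run into one another.
    parts = [data_type.encode(), raw, sig_alg.encode()]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def wrap(raw, key, sig_alg, data_type=XRD_TYPE):
    mac = hmac.new(key, signed_octets(data_type, raw, sig_alg), ALGS[sig_alg])
    root = ET.Element("SDSIG")
    sig = ET.SubElement(root, "Signature", SigAlg=sig_alg)
    sig.text = base64.b64encode(mac.digest()).decode()
    data = ET.SubElement(root, "Data", type=data_type)
    data.text = base64.b64encode(raw).decode()
    return ET.tostring(root, encoding="unicode")

def unwrap(envelope, key, expected_type=XRD_TYPE):
    """Return the decoded payload; raise ValueError when a check fails."""
    root = ET.fromstring(envelope)  # untrusted input: a DTD-rejecting parser is safer
    sig, data = root.find("Signature"), root.find("Data")
    if root.tag != "SDSIG" or sig is None or data is None:
        raise ValueError("not an SDSIG envelope")
    sig_alg, data_type = sig.get("SigAlg", ""), data.get("type", "")
    if sig_alg not in ALLOWED:          # checked before any crypto is attempted
        raise ValueError("signature algorithm not allowed")
    if data_type != expected_type:
        raise ValueError("unexpected Data type")
    try:
        raw = base64.b64decode(data.text or "", validate=True)
        got = base64.b64decode(sig.text or "", validate=True)
    except ValueError:
        raise ValueError("bad base64") from None
    want = hmac.new(key, signed_octets(data_type, raw, sig_alg), ALGS[sig_alg]).digest()
    if not hmac.compare_digest(got, want):
        raise ValueError("signature mismatch")
    return raw
```

Because the payload is handed to the XRD parser only after `unwrap` returns, the bytes that are parsed are exactly the bytes that were signed, with no XML canonicalization step in between.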
