Re: [xri] SimpleSign Implementation

[Ben Laurie <benl@google.com>]

On Mon, Dec 22, 2008 at 1:29 AM, Nat Sakimura <n-sakimura@nri.co.jp> wrote:
> Hi.
>
> No, it si not silly. It is a good question to ask.
>
> My answer would be:
>
> a) TLS is only a security for the pipes. It does not protect the message per
> se.
>  With a signed document, you can verify the authenticity and validity of a
> cache / detached document.
> b) TLS requires a dedicated IP address. Sites like Google providing services
> to
>  the companies in the companies' domain do not have enough IP address to
> server TLS.
>  This is another reason.

This is not actually true anymore - you can use the SNI extension to
share an IP address. Because legacy browsers don't support it, it
isn't so great for websites, but for a specialist application like
retrieving XRD it would work just fine.

> c) There are not enough XMLDSIG implementations yet, and it is complex to
> implement yourself.
>  This is becoming a hinderance to the adoption.
>
> a) and b) calls for a message based protection. This calls for something
> like XML Dsig.
> c) Calls for something simpler than XML Dsig.

Or more implementations.

>
> Therefore, we have SimpleSign.
>
> Regards,
>
> =nat
>
> Joseph Anthony Pasquale Holsten wrote:
>>
>> I'm trying to wrap my head around the security implications of
>> SimpleSign, and I'm wondering where exactly it is better than TLS or
>> XMLDSIG.
>>
>> While SimpleSign is designed to be easy to implement, it still has
>> less implementations than TLS, or even XMLDSIG. There is also less
>> existing security analysis, test cases, &c.
>>
>> The certificate from SimpleSign is X509, so depends upon the support
>> of a CA. A certificate will only be valid if the subject applies to
>> the CannonicalID. Getting such a certificate will cost the same as a
>> TLS certificate, if they are not the identical.
>>
>> Why should I use a SimpleSign implementation instead of TLS or XMLDSIG?
>>
>> Some possible answers:
>> * You shouldn't. (NO!!!)
>> * Using TLS would require either all resources must be encrypted and
>> sign (significant overhead), or that the XRD must be available under
>> TLS while other resources may not (significant complexity).
>>  * Using TLS means that an XRD cannot be provided under restrictive
>> hosting environments, as it cannot be implemented by uploading a PHP
>> script over FTP.
>> * Using XMLDSIG requires either a custom implementation (error
>> prone), or support for a known-good implementation (restricted
>> environments).
>> * SimpleSign is simple enough that an amateur can implement it
>> without worry of error, is easy to host, and allows flexible security
>> for other resources.
>>
>> http://josephholsten.com
>>
>> PS. I'm still trying to get up to speed with everything in XRI, so
>> I'm sorry if I ask silly questions
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>