Subject: Re: [xri] Datetime for ds:Signature
If the new parts of ds:sig that Scott mentioned are backwards
compatible, that may not be too bad. We have an existing expires
element that arguably needs a wording change. We have certificate
revocation for those that want x509 and other ways of verifying
signatures for SAML meta-data etc. Other than perhaps for generational
control what is the signing date good for? If it is to know what
version of an XRD is the most current, that may be a good reason but
shouldn't be part of the signature itself.

John B.

On 11-Aug-09, at 9:17 AM, Breno de Medeiros wrote:

> I meant the extra properties for the XML signature.
>
> However, if we are not going to use this spec, we can have it in the
> XRD document as long as it is signed.
>
> It is a good security principle in general to add a creation date in
> items used for authentication. However, an attacker can post-date a
> document if it manages to find a signing oracle or if it steals the
> signing key, so in this example there is little to be gained. The only
> sensible mechanism to revoke signed certificates is to revoke the key
> used to sign any spurious items.
>
> On Tue, Aug 11, 2009 at 12:21 AM, RL 'Bob' Morgan
> <rlmorgan@washington.edu> wrote:
>>
>> On Mon, 10 Aug 2009, John Bradley wrote:
>>
>>> XRD spec 2.2.2
>>>
>>> 2.2.2. Element <Expires>
>>>
>>> This xs:dateTime value indicates the time instant after which the
>>> document is no longer valid and must not be used.
>>
>> This may already have been discussed, but the "must not be used"
>> there makes me nervous, as there is a typical issue with this kind
>> of thing.
>>
>> It may be taken to mean: after this time the party relying on this
>> document must assume the info in the document is no longer true and
>> must purge any record of this information from local storage. That
>> is a tall order, and probably not what the signing party intends.
>> Usually such an element means: the signer no longer guarantees the
>> information in the signed document is true after this time, so the
>> RP uses it at its own risk.
>>
>> To avoid getting into what "guarantees" means etc, it's pragmatic
>> for a spec, rather than saying "must not be used", to say something
>> like "the document does not validate after this time", as a
>> processing rule. If that's what we want to say I suggest just
>> removing the "and must not be used" from this sentence.
>>
>> - RL "Bob"
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail. Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
> --
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
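Added example, not part of the thread or of the XRD specification: the quoted "the document does not validate after this time" reading of <Expires>, written as a relying-party processing rule in Python. It assumes the XRD 1.0 namespace URI, that the caller has already verified the signature covering <Expires> with a hardened XML parser, and that a value without a time zone is read as UTC; the function names, the skew parameter and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Assumption: the XRD 1.0 namespace; the 2009 draft in the thread may differ.
XRD_NS = "http://docs.oasis-open.org/ns/xri/xrd-1.0"
_XS_DT = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(\.\d+)?(Z|[+-]\d\d:\d\d)?")

# Constructed sample document, not taken from the thread.
SAMPLE = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Expires>2009-08-31T00:00:00Z</Expires>
  <Subject>http://example.com/</Subject>
</XRD>"""


def parse_xs_datetime(text):
    """Parse an xs:dateTime into an aware datetime (no zone is read as UTC)."""
    m = _XS_DT.fullmatch(text.strip())
    if not m:
        raise ValueError("not an xs:dateTime: %r" % text)
    base, frac, zone = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    if frac:
        dt += timedelta(seconds=float(frac))
    if zone in (None, "Z"):
        offset = timedelta(0)
    else:
        sign = 1 if zone[0] == "+" else -1
        offset = sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[4:6]))
    return dt.replace(tzinfo=timezone(offset))


def check_expires(xrd_xml, now, skew=timedelta(0)):
    """Return 'valid', 'expired' or 'no-expiry' for a signature-verified XRD.

    `now` must be timezone-aware. The result is a validation outcome only:
    nothing is purged, matching the processing-rule reading in the thread.
    """
    # Assumption: xrd_xml was already parsed and verified by hardened code;
    # ElementTree alone does not defend against entity-expansion attacks.
    root = ET.fromstring(xrd_xml)
    node = root.find("{%s}Expires" % XRD_NS)
    if node is None or not (node.text or "").strip():
        return "no-expiry"
    expires = parse_xs_datetime(node.text)
    # Valid up to and including the instant itself ("after which").
    return "valid" if now <= expires + skew else "expired"
```

The check is only as trustworthy as the signature over the element: as the thread notes, a stolen key or signing oracle lets an attacker choose any date, so key revocation remains the revocation mechanism.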