dss message
Subject: Re: From OASIS digital signatures services TC: request of comments (Answer by Ed Simon)




Dear all,
I received an answer to my email on the transformation chain
by Ed Simon.

See below:

--------------------------

Wrt issue 1, an XML Signature <Reference> element does, as you say, only
sign the result of applying the transforms to the referenced data.
Indeed, it is possible that one could change only the referenced data, only
the transforms, or both the referenced data and transforms, and achieve the
same final result.  This is fine if the only material data that needs to be
signed is the resultant and I can imagine legitimate scenarios where the
referenced data and transforms are changed with care taken not to alter the
signed result.

If it is important for your protocol to protect the integrity of the
referenced data and/or the transforming code, then your XML Signature
processing needs to mandate that, probably using additional
SignedInfo/Reference constructs.

In issue 2, you need to ensure that all data relevant to making the
signature useful is indeed signed.  It makes no sense for example to sign an
HTML page but not its linked images, if those images are essential to the
reason the signature is being applied.  XML Signature provides the basis for
signing multiple documents (in whole or in part) but cannot define for
specific application scenarios, what to sign.  It is up to protocol and
application designers to subclass XML Signature (e.g. have something
conformant to the XML Signature schema but more constrained) according to
the specific needs of that protocol or application.

For issue 2, you could sign both the raw data and the transformed result,
AND have your protocol define the exact requirements in relating the two.
Verifying that those exact requirements have been met is beyond the scope,
intentionally, of XML Signature; such requirements belong in the utilizing
protocol specifications.

At one point I recall, the XML Signature group did discuss the topic of,
what I would call, "signing the user's experience".  What a user sees may be
dependent not only on the raw data or XML transforms, but also the transform
engine, the browser version, the existence of script engines, the fonts
available on the machine, the pixel resolution of the monitor, ad infinitum.
Generally, there is no practical way to have perfect mathematical certainty
connecting a user's experience with application data.  However, from a
legal standpoint, such perfect certainty is not necessary.  For more detail
on this matter, may I highly recommend the "Legal Considerations" chapter in
the new book "Web Services Security" (see my website
"http://www.xmlsec.com/" or
"http://www.amazon.com/exec/obidos/ASIN/0072224711/vordel-20/no-sim/104-3423601-8567918" for details).

Regards, Ed

-------------------------------------------------------------------------------------------------------------------------
Ed Simon
<edsimon@xmlsec.com>
(613) 726-9645
XMLsec Inc.

Interested in XML Security Training and Consulting services?  Visit
www.xmlsec.com.
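The point Ed makes on issue 1 (a <Reference> with <Transforms> commits only to the transform output, so the referenced data, the transform chain, or both can change without disturbing the digest) and his suggested remedy (additional <Reference> constructs over the raw data and the transform description) can be shown with a small model of the Reference digest step. The code below is an added example written for this archive page; it is not code from the thread, from the XML Signature specification or from any XML-DSig library. It uses a toy "strip element" transform in place of a real XPath Filter/XSLT transform, ElementTree re-serialization in place of real canonicalization, and constructed sample XML; the function and field names are illustrative, not part of any standard.

```python
"""Why an XML-Signature <Reference> binds only the transform output, and how
extra References over the raw data and the transform chain close the gap.
Illustrative model only: no real canonicalization, XPath or XSLT is used."""
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: the signer wants to sign the order but strip the note.
ORIGINAL = b"<order><item>widget</item><price>10</price><note>internal</note></order>"

# Toy transform chain: each entry is ("strip", (tags to remove,)), a stand-in
# for an XPath Filter transform in a real <Transforms> element.
STRIP_NOTE = [("strip", ("note",))]


def apply_transforms(data: bytes, transforms) -> bytes:
    """Run the transform chain and re-serialize (toy canonicalization)."""
    root = ET.fromstring(data)
    for name, tags in transforms:
        if name != "strip":
            raise ValueError(f"unsupported transform {name!r}")
        # Snapshot the tree before mutating it so iteration is not disturbed.
        for parent in list(root.iter()):
            for child in list(parent):
                if child.tag in tags:
                    parent.remove(child)
    return ET.tostring(root)


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def reference_digest(data: bytes, transforms) -> str:
    """What a plain <Reference> with <Transforms> commits to: the output only."""
    return digest(apply_transforms(data, transforms))


def serialize_transforms(transforms) -> bytes:
    """Deterministic encoding of the transform chain so it can itself be signed."""
    return ";".join(f"{n}:{','.join(t)}" for n, t in transforms).encode()


def signed_info_weak(data, transforms):
    """Issue 1 as described: a single Reference over the transformed result."""
    return {"result": reference_digest(data, transforms)}


def signed_info_strong(data, transforms):
    """Suggested remedy: additional References bind the raw data and the chain."""
    return {
        "result": reference_digest(data, transforms),
        "raw": digest(data),
        "transforms": digest(serialize_transforms(transforms)),
    }


def verify(signed_info, data, transforms, build):
    """Recompute every digest from what the verifier received; all must match."""
    return build(data, transforms) == signed_info


def demo():
    """Two tampering cases against each SignedInfo construction."""
    weak = signed_info_weak(ORIGINAL, STRIP_NOTE)
    strong = signed_info_strong(ORIGINAL, STRIP_NOTE)
    # Case A: only the referenced data changes, inside the stripped element.
    case_a_data = ORIGINAL.replace(b"internal", b"TAMPERED")
    # Case B: referenced data AND transform chain change together, so the
    # transform output is still byte-identical to the signed result.
    case_b_data = b"<order><item>widget</item><price>10</price><approved>yes</approved></order>"
    case_b_transforms = [("strip", ("approved",))]
    return {
        "weak_accepts_A": verify(weak, case_a_data, STRIP_NOTE, signed_info_weak),
        "weak_accepts_B": verify(weak, case_b_data, case_b_transforms, signed_info_weak),
        "strong_accepts_A": verify(strong, case_a_data, STRIP_NOTE, signed_info_strong),
        "strong_accepts_B": verify(strong, case_b_data, case_b_transforms, signed_info_strong),
        "strong_accepts_original": verify(strong, ORIGINAL, STRIP_NOTE, signed_info_strong),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

Running it shows the weak construction accepting both tampered inputs, because the digest is taken only over the transform output, while the strong construction rejects both and still accepts the untouched original. As Ed notes, whether a given application needs the raw data or the transform chain bound at all, and how the extra References relate to each other, is a decision for the utilizing protocol, not something XML Signature itself decides.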
