RE: [emergency-msg] cap:image and cap:audio

["Nasseam Elkarra" <nelkarra@opensec.org>]

> The spec as it stands carries audio files and images as references to
> the actual files.  While this reduces the size of the alert message,
it
> has a disadvantage.  If the message is digitally signed, the
protection
> this provides is not extended to the image/audio files.  So a hacker
> could replace the picture of a missing child with one of Mickey Mouse
> for example, and the security and validation mechanisms would not
detect
> the alteration.

Digitally signing the document includes the references so that should be
sufficient. A hacker would have to compromise the server holding the
multimedia files in order to be effective. A very possible scenario, but
taking into account that security aware agencies will be issuing CAP
alerts (hopefully!), we can assume that this scenario is highly
unlikely. If CAP issuers are pointing to multimedia files on another
party's server, we should recommend a local copy be made and that the
CAP alert point to that file instead.

I am being very optimistic because the truth is that hackers are a
problem. But CAP should not have to take into account all security
problems because it could get very bloated. Nonetheless, this topic is
an important one and I would like to hear what others have to say.

> I suggest we may want to actually embed the files in the xml document
> (as Base64 encoded strings perhaps), so that the message integrity can
> be verified.

Base64 encoding increases size by 33% plus you have to remember the
encoding/decoding process. I would prefer some kind of attachments
scheme similar to email attachments or SOAP with attachments where the
XML document refers to files that are coming up right behind it using
MIME/DIME.

Until next time,
Nasseam Elkarra
nelkarra@opensec.org