

Subject: RE: Issue 088 - WS-Discovery - Using whitespaces in the expanded signature can result in different digest values


Please discard this thread.

 

From: Ram Jeyaraman
Sent: Monday, December 01, 2008 2:22 PM
To: 'ws-dd@lists.oasis-open.org'
Subject: Issue 088 - WS-Discovery - Using whitespaces in the expanded signature can result in different digest values

 

This issue is assigned the number 088. For further discussions on this issue, please refer to this issue number or use this thread.

From: Vipul Modi
Sent: Sunday, November 30, 2008 7:11 PM
To: Ram Jeyaraman
Subject: New Issue: WS-Discovery - Using whitespaces in the expanded signature can result in different digest values

 

Specification: WS-Discovery

Version: Working Draft 04

 

Issue:

WS-Discovery specification uses compact signature to achieve message integrity over UDP. The message signed with compact signature does not carry the full signature. The full signature is created by expanding the compact signature. The SignedInfo component of the expanded signature is included in the computation of the signature, hence it is critical that the receiver expands the compact signature in the way the sender created it. The canonicalization method does include the whitespace in the character content in the canonical XML. Thus if the sender had whitespace within the character content of SignedInfo, the receiver would not know that and compute a different digest value for the SignedInfo part.

 

Proposal:

Just like the sender and receiver MUST use “ds” prefix for the XMLDSIG namespace, they MUST NOT use whitespace inside the character content for the SignedInfo XML block.

 

 

Normative Changes:

Section 8.2, right after Table 13:

 

A compact signature is expanded into an XML Signature ds:SignedInfo using the following pseudo-code. The SignedInfo block within the expanded XML Signature MUST NOT use whitespaces inside the character content. This ensures that each party can compute a consistent digest value. The expanded signature example in Table 14 uses the whitespaces for illustration purposes only.
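
The whitespace effect described in this issue, as an added example that is not part of the original thread or of the WS-Discovery specification: the same SignedInfo is built once without whitespace and once indented, canonicalized, and hashed. Assumptions: the `#ID1` reference and the DigestValue are constructed sample values, SHA-1 stands in for the digest step, and Python's `xml.etree.ElementTree.canonicalize` implements C14N 2.0 rather than Exclusive C14N (both keep whitespace in character content).

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample SignedInfo; the Reference URI and DigestValue are placeholders.
PARTS = [
    f'<ds:SignedInfo xmlns:ds="{DS}">',
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>',
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>',
    '<ds:Reference URI="#ID1">',
    '<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>',
    '<ds:DigestValue>ZXhhbXBsZQ==</ds:DigestValue>',
    '</ds:Reference>',
    '</ds:SignedInfo>',
]
COMPACT = "".join(PARTS)      # no whitespace between elements
PRETTY = "\n  ".join(PARTS)   # indented, as a spec table might print it


def signed_info_digest(xml_text):
    """Hash the canonical form of a SignedInfo string (SHA-1, hex)."""
    # Canonicalization keeps whitespace text nodes, so they reach the hash.
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha1(canonical.encode("utf-8")).hexdigest()


def whitespace_violations(xml_text):
    """List local names of elements whose text or tail carries
    leading/trailing whitespace (hypothetical conformance check)."""
    bad = []
    for el in ET.fromstring(xml_text).iter():
        if any(c and c != c.strip() for c in (el.text, el.tail)):
            bad.append(el.tag.split("}")[1])
    return bad


if __name__ == "__main__":
    print("compact:", signed_info_digest(COMPACT))
    print("pretty :", signed_info_digest(PRETTY))
    print("violations in pretty:", whitespace_violations(PRETTY))
```

An implementation can run a check like `whitespace_violations` over the SignedInfo its expansion routine produces, so that both parties hash identical bytes.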

 


