[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: Issue 088 - WS-Discovery - Using whitespaces in the expandedsignature cab result in different digest values
Please discard this thread. From: Ram Jeyaraman This issue is assigned the
number 088. For further discussions on this issue, please refer to this issue
number or use this thread. From: Vipul Modi Specification: WS-Discovery Version: Working Draft 04 Issue: WS-Discovery specification uses compact signature to achieve
message integrity over UDP. The message signed with compact signature does not
carry the full signature. The full signature is created by expanding the
compact signature. The SignedInfo component of the expanded signature is
included in the computation of the signature, hence it is critical that the
receiver expands the compact signature in the way the sender created it. The
canonicalization method do include the whitespace in the character content in
the canonical XML. Thus if the sender had whitespace within the character
content of SignedInfo, the receive would not know that and compute a different
digest value for the SignedInfo part. Proposal: Just like the sender and receiver MUST use “ds” prefix for
the XMLDSIG namespace, they MUST NOT use whitespace insider the character
content for the SignedInfo XML block. Normative Changes: Section 8.2, right after Table 13: A compact signature is expanded into an XML Signature ds:SignedInfo
using the following pseudo-code. The SignedInfo block within
the expanded XML Signature MUST NOT use whitespaces inside the character
content. This ensures that each party can compute a consistent digest value.
The expanded signature example in Table 14 uses the whitespaces for
illustration purposes only. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]