ws-sx message
Subject: RE: [ws-sx] Re: Issue PR014: Signature protection semantics clarification

There is not an open issue on this topic. No one has taken any action to open an errata issue to make the change as I suggested below.

 

From: Aditya Athalye [mailto:aditya.athalye@oracle.com]
Sent: Tuesday, June 19, 2007 4:36 AM
To: Marc Goodner
Cc: Jan Alexander; Duane Nickull; ws-sx@lists.oasis-open.org
Subject: Re: [ws-sx] Re: Issue PR014: Signature protection semantics clarification

 

Folks,

Is this issue still under discussion, or has it been dropped? ;-)

Cheers
Aditya


Marc Goodner wrote:

Guys, that was a public review issue and was closed in February. Does anyone feel strongly enough about this to open a new errata issue to change the text?

 

From: Jan Alexander [mailto:janalex@microsoft.com]
Sent: Monday, June 11, 2007 11:26 PM
To: Duane Nickull; Aditya Athalye
Cc: ws-sx@lists.oasis-open.org
Subject: RE: [ws-sx] Re: Issue PR014: Signature protection semantics clarification

 

I’m okay with the proposal below to clarify the WS-SP spec wording around the [Signature Protection] property.

 

From: Duane Nickull [mailto:dnickull@adobe.com]
Sent: Thursday, June 07, 2007 9:22 AM
To: Aditya Athalye; Jan Alexander
Cc: ws-sx@lists.oasis-open.org
Subject: Re: [ws-sx] Re: Issue PR014: Signature protection semantics clarification

 

+1

Specific is good.

Duane Nickull


On 6/7/07 8:22 AM, "Aditya Athalye" <aditya.athalye@oracle.com> wrote:

Hi Jan,

That was a good point to include this in the [Signature Protection] property: "The primary signature element is not required to be encrypted if the value is ‘true’ when there is nothing else in the message that is encrypted".

However, I have a question here: Instead of saying "nothing else in the message", shouldn't we be more specific and say:

"The primary signature element is not required to be encrypted if the value is ‘true’ when there is nothing in the message that is covered by this signature is encrypted".

Let us take the following case:

<soap:Envelope>
  <soap:Body>
    <abc Id="abc">...</abc>
    <xyz Id="xyz">...</xyz>
  </soap:Body>
</soap:Envelope>

If you encrypt <abc>, and sign <xyz>, you create a signature

<ds:Signature>
  <ds:SignedInfo>
    <!-- the only reference: the signature covers <xyz>, not <abc> -->
    <ds:Reference URI="#xyz"/>
  </ds:SignedInfo>
  <!-- ds:SignatureValue, ds:KeyInfo omitted -->
</ds:Signature>

Now, going by the original statement in the spec, it would be ok to encrypt this signature even though the element it covers is still left in the clear. In this case too, IMO, there is no significant gain in security.

If, however, abc is signed using this primary signature and then encrypted, then confidentiality-protecting this signature would be more meaningful.

So IMO, the primary signature element should be protected (when the property is true, of course) when it covers at least something which is encrypted, and not when anything in the message is encrypted, which is what I infer from the original clause.

Please share your thoughts.

Thanks
Aditya
 



--
************************************************************
Sr. Technical Evangelist - Adobe Systems, Inc.             *
Chair - OASIS SOA Reference Model Technical Committee      *
Blog: http://technoracle.blogspot.com                      *
My Music: http://www.mix2r.com/audio/by/artist/22ndcentury *
My Band: http://www.myspace.com/22ndcentury                *
************************************************************
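The two readings of [Signature Protection] debated above, made executable. This is an added example, not text from the thread or from the WS-SecurityPolicy specification: it reconstructs the envelope from Aditya's message, builds a constructed ds:Signature skeleton, and decides under each wording whether the primary signature must be encrypted. It is modelled as a sender-side check run before encryption, because once the covered elements have been replaced by EncryptedData the signature's Id references no longer resolve in the message. The namespace constants, the unqualified `Id` attribute, the `WHOLE_DOCUMENT` marker for a `ds:Reference URI=""` and all function names are assumptions of this example.

```python
"""Evaluate [Signature Protection] under the original and the proposed wording.

Added example; the envelope, signature skeleton and helper names are constructed
for illustration and are not part of the OASIS thread or the WS-SP text.
"""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WHOLE_DOCUMENT = "*"  # stands for a ds:Reference URI="" (signature covers the whole message)

# Constructed envelope, modelled on the one in the thread; Ids are unqualified.
ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <abc Id="abc">...</abc>
    <xyz Id="xyz">...</xyz>
  </soap:Body>
</soap:Envelope>"""


def make_signature(*ids):
    """Constructed ds:Signature skeleton referencing the given Ids.

    Digests and the signature value are left empty: only the coverage matters here.
    An empty id produces URI="", i.e. a reference to the whole document.
    """
    refs = "".join(
        f'<ds:Reference URI="{"" if i == "" else "#" + i}"><ds:DigestValue/></ds:Reference>'
        for i in ids
    )
    return (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>{refs}</ds:SignedInfo>'
            f"<ds:SignatureValue/></ds:Signature>")


def signed_ids(signature_xml):
    """Return the set of message-part Ids the signature covers (WHOLE_DOCUMENT for URI="")."""
    root = ET.fromstring(signature_xml)
    covered = set()
    for ref in root.iterfind(f"./{{{DS}}}SignedInfo/{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        if uri == "":
            covered.add(WHOLE_DOCUMENT)
        elif uri.startswith("#"):
            covered.add(uri[1:])
        # Any other URI points outside the message and is not a message part.
    return covered


def message_part_ids(envelope_xml):
    """Collect every Id-bearing element of the (not yet encrypted) envelope."""
    root = ET.fromstring(envelope_xml)
    return {el.get("Id") for el in root.iter() if el.get("Id")}


def requires_signature_encryption(covered, encrypted, wording):
    """Does [Signature Protection]='true' oblige us to encrypt the primary signature?

    'original': yes as soon as anything else in the message is encrypted.
    'proposed': yes only if something this signature covers is encrypted.
    """
    if not encrypted:
        return False
    if wording == "original":
        return True
    if wording == "proposed":
        return WHOLE_DOCUMENT in covered or bool(covered & encrypted)
    raise ValueError(f"unknown wording: {wording}")


def evaluate(envelope_xml, signature_xml, to_encrypt):
    """Run both readings against an envelope, its primary signature and the encryption plan."""
    parts = message_part_ids(envelope_xml)
    unknown = set(to_encrypt) - parts
    if unknown:
        raise ValueError(f"encryption plan names unknown parts: {sorted(unknown)}")
    covered = signed_ids(signature_xml)
    return {w: requires_signature_encryption(covered, set(to_encrypt), w)
            for w in ("original", "proposed")}


if __name__ == "__main__":
    # Aditya's case: <abc> encrypted, signature covers only <xyz>.
    print(evaluate(ENVELOPE, make_signature("xyz"), {"abc"}))
    # The case he finds meaningful: the signed <abc> is itself encrypted.
    print(evaluate(ENVELOPE, make_signature("abc"), {"abc"}))
```

Aditya's scenario yields `{'original': True, 'proposed': False}`: the original clause demands that the signature over the cleartext `<xyz>` be encrypted, the proposed clause does not. When the signed `<abc>` is the encrypted part, or when the signature covers the whole document, both readings agree that the signature must be encrypted.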
