There is not an open issue on this topic. No one has taken any
action to open an errata issue to make the change as I suggested below.
From: Aditya Athalye [mailto:aditya.athalye@oracle.com]
Sent: Tuesday, June 19, 2007 4:36 AM
To: Marc Goodner
Cc: Jan Alexander; Duane Nickull; ws-sx@lists.oasis-open.org
Subject: Re: [ws-sx] Re: Issue PR014: Signature protection semantics
clarification
Folks,
Is this issue still under discussion or it has been dropped? ;-)
Cheers
Aditya
Marc Goodner wrote:
Guys, that was a public review issue and was closed in February.
Does anyone feel strongly enough about this to open a new errata issue to
change the text?
I’m okay with the proposal below to clarify the WS-SP spec
wording around the [Signature Protection] property.
+1
Specific is good.
Duane Nickull
On 6/7/07 8:22 AM, "Aditya Athalye" <aditya.athalye@oracle.com>
wrote:
Hi Jan,
That was a good point to include this in [Signature Protection] property "The primary
signature element is not required to be encrypted if the value is
‘true’ when there is nothing else in the message that is encrypted".
However, I have a question here: Instead of saying "nothing else in the
message", shouldn't we be more specific and say:
"The primary signature element is not required to be encrypted if the
value is ‘true’ when there is nothing in the message
that is covered by this signature encrypted".
Let us take the following case:
<soap:Envelope>
<soap:Body>
<abc Id="abc">...</abc>
<xyz Id="xyz">...</xyz>
</soap:Body>
</soap:Envelope>
If you encrypt <abc>, and sign <xyz>, you create a signature
<ds:Signature>
<ds:Reference URI="#xyz"/>
</ds:Signature>
Now going by the original statement in the spec, it would be ok to encrypt this
signature whereas the element it covers is still left in the clear. In this
case also IMO, there is no significant gain in the security.
If however, abc is signed using this primary signature, then encrypted, and
then if this signature was confidentiality protected, it would be more
meaningful.
So IMO, the primary signature element should be protected (when the property is
true of course) when it covers at least something which is encrypted, and not
anything in the message which is encrypted which I infer from the original
clause.
Please share your thoughts.
Thanks
Aditya
--
************************************************************
Sr. Technical Evangelist - Adobe Systems, Inc.
*
Chair - OASIS SOA Reference Model Technical Committee
*
Blog: http://technoracle.blogspot.com
*
My Music: http://www.mix2r.com/audio/by/artist/22ndcentury
*
My Band: http://www.myspace.com/22ndcentury
*
************************************************************