
Questions regarding to "Test Suite for the XML Digital Signatures For Widgets Specification "

From: Andrey Nazarov <Andrey.Nazarov@oracle.com>
Date: Thu, 27 Jan 2011 20:12:28 +0300
Message-ID: <4D41A77C.1040605@oracle.com>
To: public-webapps@w3.org

Hello All,
I hope this is the right place to ask about the Test Suite for the XML Digital
Signatures For Widgets Specification.
If not, where is better?

I. Test 19rsa.wgt.

I found that the author-signature.xml and signature1.xml files were corrected 
today (27-Jan-2011).
It seems to me that this correction broke the correspondence between the
specification and the test.

Why were the values of the "CanonicalizationMethod Algorithm" attribute of
SignedInfo and the "Transform Algorithm" attribute of Reference changed to the
same value http://www.w3.org/TR/2001/REC-xml-c14n-20010315?

The specification document "Digital Signatures for Widgets W3C Candidate 
Recommendation 24 June 2010"
(http://www.w3.org/TR/widgets-digsig/#xmldsig11)
has the following sentences:

1. The following canonicalization algorithms /MUST/ be supported by an 
implementation <http://dev.w3.org/2006/waf/widgets-digsig/#implementation>:
Exclusive XML Canonicalization 1.0 (omits comments) [XML-exc-C14N] 
<http://dev.w3.org/2006/waf/widgets-digsig/#xml-exc-c14n>: http://www.w3.org/2001/10/xml-exc-c14n#
(see chapter 8.3. Canonicalization Algorithms)
I think it means that the "CanonicalizationMethod Algorithm" attribute of 
SignedInfo must be http://www.w3.org/2001/10/xml-exc-c14n#

2. A ds:Reference to same-document XML content /MUST/ have a ds:Transform 
element child that specifies the canonicalization method. Canonical XML 1.1 
/MUST/ be specified as the Canonicalization Algorithm for this transform.
(see chapter 9.2. Common Constraints for Signature Generation and Validation)
I think it means that the "Transform Algorithm" attribute of ds:Transform must 
be http://www.w3.org/2006/12/xml-c14n11.

3. An implementation /SHOULD/ be able to process a ds:Reference to 
same-document XML content when that ds:Reference does not have a 
ds:Transform child element, for backward compatibility. In this case the 
default canonicalization algorithm Canonical XML 1.0 will be used.
(see chapter 9.2. Common Constraints for Signature Generation and Validation)
I think the "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" URI could be
used only for this case.

Why was this correction done?

II. Test 19dsa.wgt.
Could somebody confirm that this test is correct?
The thing is, when I look at the certificate that is used for this test, I see
that it contains information about a DSA public key, but the Signature Algorithm
for this certificate is given as SHA1withRSA. Is it correct?

Thank you in advance,
Andrey
Received on Thursday, 27 January 2011 18:08:33 GMT
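
The three points in part I of the message, written out as a check over a
signature document. This is an added example, not part of the original message
or of the test suite; it encodes the constraints as the message reads them, and
the sample signature (including the "#prop" reference) is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
C14N_11 = "http://www.w3.org/2006/12/xml-c14n11"
C14N_10 = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"

def check_c14n(signature_xml):
    """Return (location, found, expected) for each canonicalization mismatch."""
    root = ET.fromstring(signature_xml)
    findings = []
    # Point 1, as read in the message: SignedInfo uses Exclusive C14N 1.0.
    cm = root.find("ds:SignedInfo/ds:CanonicalizationMethod", NS)
    found = cm.get("Algorithm") if cm is not None else None
    if found != EXC_C14N:
        findings.append(("SignedInfo", found, EXC_C14N))
    for ref in root.iterfind("ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI")
        if uri is None or not (uri == "" or uri.startswith("#")):
            continue  # not a same-document reference (e.g. a widget file)
        algs = [t.get("Algorithm")
                for t in ref.iterfind("ds:Transforms/ds:Transform", NS)]
        if not algs:
            continue  # Point 3: no ds:Transform, Canonical XML 1.0 is the default
        # Point 2: the transform must specify Canonical XML 1.1.
        if C14N_11 not in algs:
            findings.append(("Reference " + uri, algs[0], C14N_11))
    return findings

# Constructed sample: both attributes set to the Canonical XML 1.0 URI,
# as the message describes for the changed files. Not the actual test file.
SAMPLE = f"""<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="{C14N_10}"/>
    <ds:Reference URI="index.html"/>
    <ds:Reference URI="#prop">
      <ds:Transforms><ds:Transform Algorithm="{C14N_10}"/></ds:Transforms>
    </ds:Reference>
  </ds:SignedInfo>
</ds:Signature>"""

if __name__ == "__main__":
    for where, found, expected in check_c14n(SAMPLE):
        print(f"{where}: found {found}, expected {expected}")
```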
