Re: Signature in Wrong Position from Anders Rundgren on 2016-01-17 (public-webpayments@w3.org from January 2016)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 17 Jan 2016 14:10:14 +0100
To: Henry Story <henry.story@bblfish.net>, Web Payments <public-webpayments@w3.org>
Message-ID: <569B92B6.9060106@gmail.com>

On 2016-01-17 13:55, Henry Story wrote:
> I was looking at the Linked Data Signatures document
>
>    https://web-payments.org/specs/source/ld-signatures/
>
> I am not sure if this is the right list to discuss this.
>
> I am really keen to have something like this to work, and I like
> most of it off the bat. But looking a bit closer I noticed what
> I think is a serious error that has an easy fix though.
>
> The mistake is to put the signature *inside* the graph.
> Take example 1:
>
> {
>    "@context": "https://w3id.org/identity/v1",
>    "title": "Hello World!",
>    "signature": {
>      "type": "LinkedDataSignature2015",
>      "creator": "http://example.com/i/pat/keys/5",
>      "created": "2011-09-23T20:21:34Z",
>      "domain": "example.org",
>      "nonce": "2bbgh3dgjg2302d-d2b3gi423d42",
>      "signatureValue": "OGQzNGVkMzVm4NTIyZTkZDYMmMzQzNmExMgoYzI43Q3ODIyOWM32NjI="
>    }
> }
>
> In short: Signatures should be external to the graph, since that is the object
> of the signature. By placing it inside the graph as above the problem is
>
> 1. the algorithm needs to remove elements from the signed graph

Yes, but that is not such a big issue compared to the quite elaborate canonicalization required by this scheme.

> 2. The algorithm won't be able to cope with alignement of ontologies such as
>    a different relation being discovered to be owl:sameAs the :signature
>    relation above. If another such widely used vocabulary is found, or perhaps even
>    if the current vocabulary is extended then the signature verification systems won't
>    necessarily be able to understand to remove those relations too.

Obviously any kind of scheme effectively introduces "reserved words".

>
> It is much better to put the signature outside of the graph. Then
>
> 1. The algorithm won't need to contain any condition about removing any relation
> which will be a lot better for large graphs, and speed up verification.
> 2. New relations could be found or the vocabulary could be extended without changing
> the signature verification algorithm.
>
> Another way to think of this is that a named graph can always be mapped to a literal.
> ( This is why one can think of named graphs as already implicitly contained in RDF/XML )
> Signing documents is always external to the document in those circumstances.

Then you might as well use IETF's JWS:
   {
     "payload": "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
     "protected": "eyJhbGciOiJFUzI1NiJ9",
     "signature": "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS lSApmWQxfKTUJqPP3-Kg6NU1Q"
   }

Highly related stuff:
https://cyberphone.github.io/openkeystore/resources/docs/jcs.html#ECMAScript_Compatibility_Mode

Anders

>
> Henry Story
>
>
>

Received on Sunday, 17 January 2016 13:10:47 UTC