Re: Detached signature of non-sibling elements (?) from helpcrypto helpcrypto on 2014-08-28 (public-xmlsec-comments@w3.org from August 2014)

From: helpcrypto helpcrypto <helpcrypto@gmail.com>
Date: Thu, 28 Aug 2014 08:37:20 +0200
To: Frederick Hirsch <w3c@fjhirsch.com>
Cc: public-xmlsec-comments@w3.org, "public-xmlsec@w3.org List Public" <public-xmlsec@w3.org>
Message-ID: <CAHMQSgv0dazPu2NxfDtRSW0deXtQRkH9KctDaPLz6Sa+qXr+VA@mail.gmail.com>

On Wed, Aug 27, 2014 at 3:02 PM, Frederick Hirsch <w3c@fjhirsch.com> wrote:

>
> ...
>
> (1) Change the following text in Section 2, Overview, as follows:
> Replace
> [[
> Detached signatures
> <http://www.w3.org/TR/xmldsig-core1/#def-SignatureDetached> are over
> external network resources or local data objects that reside within the
> same XML document as sibling elements; in this case, the signature is
> neither enveloping (signature is parent) nor enveloped (signature is child).
> ]]
> with
> [[
> Detached signatures
> <http://www.w3.org/TR/xmldsig-core1/#def-SignatureDetached> are over
> external network resources or local data objects that reside within the
> same XML document as sibling elements or the descendants of those sibling
> elements; in this case, the signature is neither enveloping (signature is
> parent) nor enveloped (signature is child).
> ]]
>

What about something like:
<root>
    <my-doc>
        <my-data>
            <node Id="n"></node>
        <my-data>
    </my-doc>
    <my-metadata>
        <my-sign>
            <Signature ...>
                ...
                <Reference URI="#n">
                ...
            </Signature>
        </my-sign>
    </my-metadata>
</root>
According to your definition, it wont be valid (neither sibling or sibling
descendant). *Should it be valid?*

If anything that is not enveloping nor enveloped IS a detached, I would
better suggest:
Detached signatures
<http://www.w3.org/TR/xmldsig-core1/#def-SignatureDetached> are over
external network resources or local data objects that reside within the
same XML document; that is, the signature is neither enveloping (signature
is parent) nor enveloped (signature is child).


(2) Change the following test in the Definitions section  (section 10) for
> the definition term “Signature, Detached”:
> Change
> [[
> "This definition typically applies to separate data objects, but it also
> includes the instance where the Signature and data object reside within
> the same XML document but are sibling elements.”
> ]]
> to
> [[
> "This definition typically applies to separate data objects, but it also
> includes the instance where the Signature and data object reside within
> the same XML document but the data object is a sibling element to the
> Signature or descendant of the sibling element."
> ]]
>

And to: "This definition typically applies to separate data objects, but it
also includes the instance where the Signature and data object reside
within the same XML document.”



As far as the Microsoft page is concerned, I see nothing wrong with it.
>
They are talking about internally and externally detached which is
non-normative. (In fact is the only place that seems to make that
distinction)


Thanks for noting this issue.
>
Thanks you for your time and consideration.

Awaiting your replies,
Regards

Received on Thursday, 28 August 2014 06:42:44 UTC