
Re: Some strawman ideas for a minimum DSig profile

From: Bruce Rich <brich@us.ibm.com>
Date: Tue, 26 Aug 2008 07:34:24 -0500
To: public-xmlsec@w3.org
Message-ID: <OF2111E537.C209A92A-ON862574B1.0043763A-862574B1.00451263@us.ibm.com>
Sean,

I am in sympathy with your approach.  However, the processing order you 
suggest below (which may be correct for performance)
is contrary to that which is recommended for Best Practice #1
(http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#denial-of-service).
It may be too early to consider that dimension as well, but at some point 
we will need to think about mitigation of risk in a highly-performant 
profile.
It may be that we can sidestep the issue by excluding from the profile the 
type of interactions that drove the best-practices recommendation.

Bruce A Rich
brich at-sign us dot ibm dot com


Sean Mullan wrote on 08/21/2008 12:22:49 PM:

> 
> It also occurred to me that many of these minimal processing and 
> verification issues could be solved if the xml signature was always 
> stored in a separate xml document, and somehow safely associated or 
> packaged with what it is signing (like a zip file). Then a validator 
> could first parse/verify the signature, authenticate the signer, and 
> then validate the reference digests in the document(s) in a streaming 
> manner. Has anyone thought about that and making this a requirement for 
> a minimal profile?
> 
Received on Tuesday, 26 August 2008 12:35:12 GMT
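
The processing order Sean describes in the quoted message (verify the detached signature and authenticate the signer first, then validate the reference digests in a streaming manner), sketched as an added example that is not part of either post. It assumes a JSON manifest in place of a real XML Signature and an HMAC in place of the signature and signer authentication; the key, file names and contents are constructed.

```python
import hashlib
import hmac
import io
import json

CHUNK = 4096  # read size for streaming digests

# Constructed sample data: a shared key and two small "documents".
KEY = b"constructed-demo-key"
DOCS = {"a.xml": b"<order id='1'/>", "b.xml": b"<order id='2'/>" * 1000}


def make_manifest(key, docs):
    """Build the detached manifest (name -> SHA-256) and its HMAC tag."""
    refs = {name: hashlib.sha256(data).hexdigest() for name, data in docs.items()}
    body = json.dumps(refs, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def stream_digest(stream):
    """Hash a stream chunk by chunk so the document is never held in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def validate(key, body, tag, open_doc):
    """Return (status, mismatched names); open_doc(name) yields a byte stream."""
    # Step 1: check the signature over the small manifest only.
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "signature-invalid", []  # no referenced document is opened
    # Step 2: the manifest is now trusted; stream each referenced document.
    refs = json.loads(body)
    bad = [name for name, digest in sorted(refs.items())
           if not hmac.compare_digest(stream_digest(open_doc(name)), digest)]
    return ("reference-mismatch" if bad else "ok"), bad


if __name__ == "__main__":
    body, tag = make_manifest(KEY, DOCS)
    print(validate(KEY, body, tag, lambda n: io.BytesIO(DOCS[n])))
```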
