W3C home > Mailing lists > Public > public-xmlsec@w3.org > August 2008

Re: Some strawman ideas for a minimum DSig profile

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Tue, 26 Aug 2008 09:19:27 -0400
To: Bruce Rich <brich@us.ibm.com>
Cc: public-xmlsec@w3.org
Message-id: <48B402DF.8060606@sun.com>

Actually, my approach would be consistent with best practice #1. The 
detached signature is validated first and then the references are validated.

--Sean

Bruce Rich wrote:
> 
> Sean,
> 
> I am in sympathy with your approach.  However, the processing order you 
> suggest below (which may be correct for performance)
> is contrary to that which is recommended for Best Practice #1 
> (http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#denial-of-service). 
> 
> It may be too early to consider that dimension as well, but at some 
> point we will need to think about mitigation of risk in a 
> highly-performant profile.
> It may be that we can sidestep the issue by excluding from the profile 
> the type of interactions that drove the best-practices recommendation.
> 
> Bruce A Rich
> brich at-sign us dot ibm dot com
> 
> 
> Sean Mullan wrote on 08/21/2008 12:22:49 PM:
> 
>  >
>  > It also occured to me that many of these minimal processing and
>  > verification issues could be solved if the xml signature was always
>  > stored in a separate xml document, and somehow safely associated or
>  > packaged with what it is signing (like a zip file). Then a validator
>  > could first parse/verify the signature, authenticate the signer, and
>  > then validate the reference digests in the document(s) in a streaming
>  > manner. Has anyone thought about that and making this a requirement for
>  > a minimal profile?
>  >
Received on Tuesday, 26 August 2008 13:20:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:54 GMT