W3C home > Mailing lists > Public > public-xmlsec@w3.org > November 2008

RE: ACTION-85 - Update the proposal on a ByteRange Transform

From: Chris Solc <csolc@adobe.com>
Date: Tue, 11 Nov 2008 06:01:30 -0800
To: Frederick Hirsch <frederick.hirsch@nokia.com>
CC: XMLSec WG Public List <public-xmlsec@w3.org>
Message-ID: <686848D3189C0845A6E5FA781D6A0FFF05C019708E@nambx03.corp.adobe.com>

1. I don't know of a specific uses case but if the group believes we need that level of granularity we could look at what is the best bit padding mechanism.

2. I would think byte/bit ranges signatures are susceptible to the same types of attacks that you can get by using XPath filtering.

3. You couldn't sign a specific bit range, see #1.

4. I don't know if there is a issue with the concatenation of byte/bit ranges because if the definition of the byte ranges is also covered by the signature.


-----Original Message-----
From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
Sent: Monday, November 10, 2008 3:27 PM
To: Chris Solc
Cc: Frederick Hirsch; XMLSec WG Public List
Subject: Re: ACTION-85 - Update the proposal on a ByteRange Transform

 From the F2F I noted the following questions regarding ByteRange

1. why bytes and not bits. Here it is answered based on the transform
mechanism in XML Signature. Is there a use case for bit ranges?
Related, is there a need for defining padding operation in a proposed

2. Which attacks are possible for byte ranges, and which
countermeasures are appropriate?

3. What are the limitations of this proposal?

4. Is there any issue with concatenation of byte ranges? (whoever
raised this might want to add detail).

regards, Frederick

Frederick Hirsch

On Nov 10, 2008, at 3:00 PM, ext Chris Solc wrote:

> Use Case:
> A digital image file contains the raw image data and optional
> metadata. This metadata contains information like the date the photo
> was taken, exposure information, search info, general description,
> etc.  Now a photographer wants to use an XML signature to digital
> sign their photo to ensure it isn't modified by someone, but still
> wants allows other users to add new meta-data to their photo.  This
> can only be done if the photographer only signs the raw image data
> and excludes the metadata.
> Requirement:
> XML signature 1.0 specification allows authors of XML signatures to
> sign a subset of an XML document, but doesn't define any grammar
> that allows a subset of a non XML resource to be signed.  The
> requirement for the next version of the XML signature specification
> is to define some grammar that allows a subset of a non XML resource
> to be signed.
> Proposal:
> Add a new ByteRange transform that produces as output, a subset of
> the input octet stream. Note that byte ranges are used instead of
> bit ranges because XML Signatures specification defines transforms
> for octet streams and not bit streams.  The Byte-Range transform
> contains a collection of byte ranges defined by a starting byte
> offset and an optional length value. When the ranges are
> concatenated together it describe the exact set of bytes from the
> input octet stream to be used in the digest calculation of the
> signatures.
> Example:
> <Signature xmlns="http://undefined.namespace">
>   <SignedInfo>
>      ...
>      <Reference URI="./image.jpeg">
>         <Transforms>
>           <Transform Algorithm="undefined.namespace#ByteRange">
>             <ByteRange>
>               <Range offset="0" length="20"/> <!-- first 20 bytes of
> the image -->
>               <!-- bytes 21 to 219 are excluded -->
>               <Range offset="220" length="50"/>  <!-- bytes 220 to
> 270 -->
>               <!-- bytes 271 to 319 are excluded -->
>               <Range offset="320" />  <!-- bytes 320 to end of file
> -->
>             </ByteRange>
>           </Transform>
>         </Transforms>
>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1
> "/>
>         <DigestValue>...</DigestValue>
>      </Reference>
>  </SignedInfo>
>  <SignatureValue>...</SignatureValue>
> </Signature>
Received on Tuesday, 11 November 2008 14:02:19 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:10 UTC