W3C home > Mailing lists > Public > public-xmlsec@w3.org > February 2009

Re: Proposed changes for properties document

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 19 Feb 2009 01:11:01 +0100
To: Sean Mullan <Sean.Mullan@Sun.COM>
Message-Id: <97B13CBB-3BC3-49F5-AA2A-DA9A846C0D6A@w3.org>
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
I've tried to merge most of this into the current draft, plus some  
minor editorial wordsmithing.

Some additional questions and remarks:

- I see a remark in there that calls out the namespace URI as subject  
to change.  Is it?

- I've changed the reference to XML Signature to the dated first  
edition.  We have a separate reference for the second edition.  This  
probably needs clean-up across all the specs, but isn't critical for  
the first draft.

Specifically....

> Looks good - a couple of minor comments below but probably don't  
> need to be addressed for FPWD if not enough time.
>
> Thomas Roessler wrote:
>> I'd suggest that we change the properties document as follows  
>> (probably some more fine tuning makes sense):
>> - 5. Rename "Design" -> "Signature Properties"
>> - Add the following text:
>>> This section defines a number of signature properties that are  
>>> expected to be commonly used in profiles.  For each property, an  
>>> intended processing model is suggested.  However, the details of  
>>> processing each of these properties will depend upon individual  
>>> application scenarios, and MUST be specified in any profile that  
>>> makes use of the properties defined in this document.
>> - 5.1.2 Validation (for profile property)
>> Replace with:
>>> Applications are expected to use this property to verify an  
>>> assertion that a signature is meant to fulfill a specific  
>>> profile.  Validtion behavior is application-specific.
>
> s/Validtion/Validation
>>> Profiles MUST specify what application behavior is expected in  
>>> case an unknown profile URI is encountered.
>
> ... and if more than one Profile element URI is recognized. This is  
> probably not a good idea (it may be better to define a new URI)

Well, I could see a number of uses for having multiple, orthogonal  
profiles.  I've added the following: "Profiles MUST specify whether  
profile URIs defined by them can coexist with other instances of the  
profile property element."

> but maybe in some cases it makes sense to support more than one  
> profile URI if the behavior is independent of each other. In any  
> case it should be specified as to if this is legal or not.
>
>> - 5.2.2 Validation (for usage property)
>> Replace with:
>>> Applications are expected to use this property to identify a  
>>> specific usage for a document (e.g., document signing vs code  
>>> signing).  An unexpected usage URI will frequently be reason for  
>>> applications to deem a signature invalid for the intended usage.
>>> Profiles MUST specify what application behavior is expected in  
>>> case an unknown usage URI is encountered.
>
> same comment as above.
>
>> - 5.3 (Expires property)
>> Insert the following after the schema:
>>> Expiration times MUST be given as timezoned values. (See section  
>>> 3.2.7 of [XML Schema part 2].)
>> http://www.w3.org/TR/xmlschema-2/#dateTime
>> - 5.3.2 Validation (for expires property)
>> Replace with:
>>> Applications are expected to use this property to identify the  
>>> expiry date of a signature.  Evaluation of this property is with  
>>> respect to an application defined reference time (possibly wall  
>>> clock time, possibly a time that is determined otherwise).  A  
>>> property value that is later than the reference time will  
>>> frequently be reason for applications to deem a signature invalid  
>>> with respect to the reference time.
>
>>> Profiles MUST specify what reference time should be used when  
>>> interpreting this property.
>
> - this property should probably have two times: a notBefore and  
> notAfter time
> (ex: signing a check with a date in the future).
>
> - profile should also state if duplicate instances are ignored or  
> cause validation failure
>

Propose:

> An expiry property with an <emph>untimezoned</emph> time value MUST  
> NOT be considered valid.  If multiple instances of this property are  
> found on a single signature, then applications MUST NOT deem any of  
> these properties valid.


>> - 5.4 ReplayProtect property
>> Add after the XML schema snippet:
>>> Timestamp values MUST be timezoned. A ReplayProtect property with  
>>> an untimezoned time stamp MUST be treated as invalid.
>
> - shouldn't the timestamp be optional? Are there any use cases where  
> nonces must be retained indefinitely (or some really long time)?

I have no strong view on this point; I hope we can take this up after  
the FPWD is published.

>> - 5.4.2 Validation (for ReplayProtect property)
>
> - profile should also state if duplicate instances are ignored or  
> cause validation failure
>
>> *Add* the following:
>>> Behavior of applications when an invalid property is encountered  
>>> is application-specific.
>
> Shouldn't the above sentence be for all properties and not just the  
> ReplayProtect property? To cover my comments above about duplicate  
> properties, you could change this to:
>
> Behavior of applications when an invalid property or more than one  
> recognized property is encountered is application-specific.
>
>> I wonder whether we want to say anything about the amount of time  
>> for which nonces are kept.
>
> Seems to be something the profiles should specify.
>
>> I also wonder whether it makes sense to drop the nonce encoding  
>> (the value is an opaque string, after all), and simply make it a  
>> base64 encoded octet-stream, with a (specified) minimum supported  
>> length.  I'd suggest something outrageous like 512 bits for that.
>
> Hmm, not sure would have to think about it some more.
>
> --Sean
>
Received on Thursday, 19 February 2009 00:11:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT