
ACTION-168: Intro text for Transforms/C14N note

From: Scott Cantor <cantor.2@osu.edu>
Date: Mon, 26 Jan 2009 14:20:43 -0500
To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
Cc: "'Pratik Datta'" <pratik.datta@oracle.com>
Message-ID: <007701c97feb$2efaa4b0$8cefee10$@2@osu.edu>

Mainly just interested in strengthening the message here about the breaking
change, and getting c14n into the discussion up front, since the note is
actually intended to propose a breaking change to both as it currently
stands. I also added a line about the fact that some use cases that are
supported now literally wouldn't be. I think that's really the point here,
since that's what tends to get people's hackles up.

Here's a suggested replacement for section 1:


The Reference processing model and associated transforms currently defined
by XML Signature [XMLDSIG2nd] are very general and open-ended, which
complicates implementation and allows for misuse, leading to performance and
security difficulties. Support for arbitrary canonicalization algorithms,
and the complexity of the existing algorithms in order to meet various
generic requirements, are also a source of problems.

Current experience with the use of XML Signature suggests that a simplified
reference, transform, and canonicalization processing model would address
the most common use cases while improving performance and reducing
complexity and security risks [XMLSecNextSteps] [BradHill]. This document
outlines a proposed change to the XML Signature processing model to achieve
these goals. It also outlines use cases and the new requirements associated
with the suggested changes.

It should be noted that this proposal is not for an additional constrained
processing model, but for an actual replacement of the existing generically
extensible model that exists now. Thus, the changes proposed in this
document would be a breaking change to XML Signature, necessitating new
implementations and possibly precluding the ability to support some use
cases currently supported.

Thus, before making such a change in a proposed new version of XML
Signature, the XML Security Working Group would like to obtain additional
feedback on this proposal. The purpose of this document is to solicit early


-- Scott
Received on Monday, 26 January 2009 19:21:30 UTC
