Re: ACTION-578: External unparsed entities in Best Practices

+1 to this proposed change to the best practices document

http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#avoid-default-schema-values

regards, Frederick

Frederick Hirsch
Nokia
On May 11, 2010, at 11:07 AM, ext Thomas Roessler wrote:

> Here's a text suggestion around external unparsed entities:
> 	
>> Resolving external unparsed entity references can imply network  
>> access and can in certain circumstances be a security concern for  
>> signature verifiers. As a policy decision, signature verifiers may  
>> choose not to resolve such entities, leading to a loss of  
>> interoperability.
>>
>> Best practice for signers:
>>
>> Do not transmit unparsed external entity references in signed  
>> material.  Expand all entity references before creating the  
>> cleartext that is transmitted.
>
> Here's a suggestion around schema, replacing 2.7 and 2.8:
>
>> Part of the validation process defined by XML Schema includes the  
>> "normalization" of lexical values in a document into a "schema  
>> normalized value" that allows schema type validation to occur  
>> against a predictable form.
>>
>> Some implementations of validating parsers, particularly early ones,  
>> often modified DOM information "in place" when performing this  
>> process. Unless the signer also performed a similar validation  
>> process on the input document, verification is likely to fail.  
>> Newer validating parsers generally include an option to disable  
>> type normalization, or take steps to avoid modifying the DOM,  
>> usually by storing normalized values internally alongside the  
>> original data.
>>
>> Verifiers should be aware of the effects of their chosen parser and  
>> adjust the order of operations or parser options accordingly.  
>> Signers might also choose to operate on the normalized form of an  
>> XML instance when possible.
>>
>> Additionally, validating processors will add default values taken  
>> from an XML schema to the DOM of an XML instance.
>>
>>
>> Best practice for signers:
>>
>> Do not rely on a validating processor on the consumer's end to  
>> normalize the XML document. Instead, explicitly include default  
>> attribute values, and use normalized attributes when possible.
>>
>> Best practice for verifiers:
>>
>> Applications relying on validation should either consider verifying  
>> signatures before schema validation, or select implementations that  
>> can avoid destructive DOM changes while validating.
>>
>
> (That concludes my action; comments more than welcome.)
> --
> Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)

Received on Tuesday, 11 May 2010 17:41:08 UTC
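An added illustration of the two failure modes discussed in the quoted text (this is example code, not from the thread or from the W3C best-practices document): Python's standard-library parser (expat) materialises DTD-declared attribute defaults and internal entity references, so the cleartext a signer hashed "as written" no longer matches what the verifier's parser produces, while expanding everything before signing removes the mismatch. A DTD default stands in for an XSD default and an internal entity for an external one so that the example runs offline; the document, element names and attribute names are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed payload: the signer declares a default attribute and an
# entity in the DTD but never writes either out in the document body.
RAW_DOC = (
    '<!DOCTYPE order [\n'
    '  <!ATTLIST order currency CDATA "EUR">\n'
    '  <!ENTITY vendor "Example Corp">\n'
    ']>\n'
    '<order id="42"><seller>&vendor;</seller></order>'
)


def body_as_written(doc: str) -> str:
    """The cleartext a naive signer hashes: the bytes after the DTD, untouched."""
    return doc.split("]>", 1)[-1].lstrip()


def body_as_parsed(doc: str) -> str:
    """What a DTD-aware parser hands the verifier: defaults and entity
    references have been materialised in the infoset before serialisation."""
    root = ET.fromstring(doc)
    return ET.tostring(root, encoding="unicode")


def digest(text: str) -> str:
    """SHA-256 over the UTF-8 bytes, standing in for a DigestValue."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def digests_match(doc: str) -> bool:
    """True only if signer-side and verifier-side views agree."""
    return digest(body_as_written(doc)) == digest(body_as_parsed(doc))


def expand_before_signing(doc: str) -> str:
    """Signer best practice from the thread: expand entity references and
    write defaulted attributes explicitly, so the transmitted cleartext is
    already in the form any parser will produce (and carries no DTD)."""
    return body_as_parsed(doc)


if __name__ == "__main__":
    print("as transmitted, digests agree:", digests_match(RAW_DOC))
    expanded = expand_before_signing(RAW_DOC)
    print("after expansion, digests agree:", digests_match(expanded))
```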