Re: Schema/DTD represented in sig?

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 25 Jun 1999 16:04:37 -0400
Message-Id: <3.0.5.32.19990625160437.009c9a30@localhost>
To: "Winchel 'Todd' Vincent, III" <Winchel@mindspring.com>
Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>

At 03:15 PM 6/24/99 -0400, Winchel 'Todd' Vincent, III wrote:
 >So, while the digital signature gives us pretty good assurance that the bits
 >and bytes have not been altered, this assurance is not exactly what we're
 >after -- what we really want is to make sure the meaning has not changed --
 >i.e., that we have credible evidence.

OIDs and URIs don't solve this problem in and of themselves. They merely
make a resource addressable, and provide a useful hook for accessing/hanging
semantics, including external meaning that is material to the original
content. You have to do one of two things depending on what you want:
 
1. If you want that meaning to be available/assured with the same level of
availability/assuredness of the content, it makes sense to make an
institutional/policy commitment [2:Axiom 2b] to credibly preserve it (by
inline expansion, packaging, caching or some such thing.)
2. If you want to detect if the meaning changed, you can include a hash of
the resource next to the URI in the manifest. (lighter weight)

Regardless, these only solve the problem for the person signing the
document: making sure that other stuff didn't change. It doesn't solve the
problem of meaning before a third party, like a court. Say I have a
document.A, that references an external document.B that I don't control.
Even if I include it in a package with my document and sign both, that
merely means I'm asserting that document.B was at that URI. Maybe I'm lying
and included a document not at the given URI but one of my own choosing!
Similar to a real contract, all semantics need some level of independent
third party verifiability. Schema designers might very well end up
registering/time-stamping their schema at a reputable third party for such
purposes.

 >The solution to this problem is to make Schema B unambiguous and set the
 >unambiguity in time.
 >me that application developers are largely ignoring OIDs.  I was very
 >surprised to find that the Namespace Recommendation did not require URI to
 >be unique.

I'm having difficulty understanding what "uniqueness" has to do with this.
[1,2]


[1] http://www.w3.org/DesignIssues/NameMyth.html
[2] http://www.w3.org/DesignIssues/Axioms.html
Axiom 1: Global scope: It doesn't matter to whom or where you specify that
URI, it will have the same meaning.
Axiom 2a: sameness: a URI will repeatably refer to "the same" thing 
Axiom 2b: identity: of URIs clears up the vagueness of 2a and is that the
significance of identity for a given URI is determined by the person who
owns the URI, who first determined what it points to. 



_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/
Received on Friday, 25 June 1999 16:04:33 GMT
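
Option 2 in the message above (a hash of the resource next to its URI in the manifest), sketched as an added example that is not part of the original message or of any XML-DSig draft. The function names, the SHA-256 choice, the placeholder URI and the use of an HMAC as a stand-in for the real signature are all assumptions. As the message notes, this only tells a verifier whether the resource differs from what the signer recorded, not what was actually at the URI.

```python
import hashlib
import hmac

ALLOWED_ALGS = {"sha256", "sha512"}  # refuse weak or unknown digest names

# Constructed sample data: an external schema (document.B) before and after an edit.
SCHEMA_URI = "http://example.org/schemas/B.dtd"  # placeholder URI
SCHEMA_AT_SIGNING = b"<!ELEMENT price (#PCDATA)> <!-- USD -->\n"
SCHEMA_LATER = b"<!ELEMENT price (#PCDATA)> <!-- EUR -->\n"
DEMO_KEY = b"constructed-demo-key"  # HMAC stands in for the real signature


def make_manifest(resources, alg="sha256"):
    """Pair each URI with a digest of the bytes the signer saw there."""
    return [{"uri": u, "alg": alg, "digest": hashlib.new(alg, d).hexdigest()}
            for u, d in sorted(resources.items())]


def sign_manifest(manifest, key):
    """Authenticate a deterministic serialization of the manifest."""
    blob = "".join(f"{e['uri']} {e['alg']} {e['digest']}\n" for e in manifest)
    return hmac.new(key, blob.encode(), hashlib.sha256).hexdigest()


def check(manifest, tag, key, fetch):
    """Return {uri: status}; raise if the manifest itself was altered."""
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        raise ValueError("manifest signature invalid")
    status = {}
    for e in manifest:
        if e["alg"] not in ALLOWED_ALGS:
            status[e["uri"]] = "unsupported-digest"
            continue
        data = fetch(e["uri"])  # fetch(uri) returns bytes, or None if unreachable
        if data is None:
            status[e["uri"]] = "unavailable"
            continue
        same = hmac.compare_digest(hashlib.new(e["alg"], data).hexdigest(), e["digest"])
        status[e["uri"]] = "unchanged" if same else "changed"
    return status


if __name__ == "__main__":
    m = make_manifest({SCHEMA_URI: SCHEMA_AT_SIGNING})
    t = sign_manifest(m, DEMO_KEY)
    print(check(m, t, DEMO_KEY, {SCHEMA_URI: SCHEMA_LATER}.get))
```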