- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Thu, 29 Jul 1999 11:30:07 -0400
- To: "Barb Fox (Exchange)" <bfox@Exchange.Microsoft.com>, "John Boyer" <jboyer@uwi.com>, "'DSig Group'" <w3c-ietf-xmldsig@w3.org>
> I believe that Dave Solo and I both posted on this with strong feelings > against criticality flags. My comment was that WEBDAV has already thought > this through (ck out RFC > 2518) and have chosen to have clients ignore elements they do not > understand. I also share Dave's "sub-optimal" experience with criticality > flags in PKIX. Frankly, I thought we agreed to drop them at MIT > and I don't > recall any revival in Oslo. That's probably because I could not make either meeting... I think we do need a mechanism by which a client can be told that it should not attempt to process a message it may not understand IF THAT IS THE DESIRED RESULT. One specific condition I have been considering is the case in which an XML message represents a negotiable instrument (e.g. a Bill of Lading). The conditions of validity for which can only be understood in the context of a particular rule book. In this case I would like to ensure that clients which are not aware of the requirements of a specific rule book do not erroneously validate the signature. The problem with criticality flags is that they are too fine grained and lead to overuse but the effect is on occasion usefull. A better means of achieving the desired result would be a specific criticality attribute which would reference a URI. E.g. <sig> <critical uri="http://eterms.icc.org/private/2001/1583209"> </sig> Similar requirements pop up in the public space - literally. Barb and I know a certain lawyer who is keen to have disclaimers pop up to achieve 'constructive notice' of certain terms and conditions. I certainly don't think we need a system as fine grained as X.509v3 criticality flags. But we do need to recognise that in the case of signatures restricted interoperability is sometimes explicitly desired. In terms of implementation difficulty this should not be too much trouble. The 'check signature' property of the XML document object simply flags a warning that everything has checked out but there may be some problems. Generic clients are also much better off since instead of 'there may be a problem here but I'm not going to tell you what' they can be refered to a source which can resolve the problem. Phill
Received on Thursday, 29 July 1999 11:28:55 UTC