W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

RE: comments on 990806 Requirements Doc

From: John Boyer <jboyer@uwi.com>
Date: Thu, 19 Aug 1999 14:16:53 -0700
To: "Joseph M. Reagle Jr." <reagle@w3.org>, "DSig Group" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBLAOMJKOFPMBCHJOIMEMMCAAA.jboyer@uwi.com>
Suggested Requirement:

As a separate requirement or as a co-requirement of 3.1.3, XML Signatures
must have the ability to indicate which portions of a resource should be
excluded from the resource.

Significance:

<OL>
<LI>Document Closure (the ability to assert that no changes were made to the
document except for those elements explicitly listed as being omitted).
<LI>Preservation of ancestor element information (XML allows elements to
derive information from the tags and attributes of their ancestors;
requirement 3.1.3 permits signing part of an XML document. Hence, there must
be a way to retain all information relevant to the part specified, including
information carried by ancestors).
<LI>Preservation of order of non-continuous element blocks (omitting
elements is necessary; if it can only be done implicitly by non listing in a
manifest, then the resulting signature does not capture the order in which
the included elements appear in the document.)
</OL>

Options:

<OL>
<LI>The canonicalizer element could include a subelement 'exclude'.  Any
element of the resource being canonicalized that matches one of the locators
in the exclude list would not be rendered to the message whose digest is to
be computed.

<LI>The exclude list could accompany the locator in the resource element.

<LI>The fragment specification already accounts for ancestor information.
It does not solve the document closure and element order problems.

<LI>If the new XPointer spec now allows the ability to indicate
non-continuous regions (must be verified), then that solves the element
order problem, but not document closure and ancestor info.
</OL>

Once it is a requirement to sign a portion of a document, the resulting
security problems are too great without this co-requirement.  These must be
mandatory to implement if signing partial documents is mandatory, and the
latter is mandatory for operations like multiple overlapping signatures.
See section 2.4 of [1] for more information on this topic.

[1] http://www.w3.org/1999/08/xmldsig-requirements-990820.html

Thanks,
John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Joseph M. Reagle
Jr.
Sent: Thursday, August 19, 1999 12:01 PM
To: John Boyer
Cc: dee3@us.ibm.com; Richard D. Brown; IETF/W3C XML-DSig WG
Subject: RE: comments on 990806 Requirements Doc


At 13:30 99/08/17 -0700, John Boyer wrote:
 >[Comments to an email from  Don, that hasn't yet made it to the list.]
 >
 >At 13:21 99/08/17 -0400, dee3@us.ibm.com wrote:
 > >2.2:  Suggest changing "The manifest includes..." to "The manifest must
 > >support..." so as to permit other types of manifest.
 >
 >Manifests that don't use URIs? If so, what would be the example?
>
 ><John> For example, having the signature directly sign the data by
 >enveloping the data inside of the manifest. </John>

Ok, I've included to Don's suggest text. The resulting document is at [1]
and will be officially published tomorrow. Then I'll update the ietf-draft
and push this out to W3C chairs and XML plenary and start twisting arms to
get commitments for review once we have a draft we are fairly comfortable
with.

[1] http://www.w3.org/1999/08/xmldsig-requirements-990820.html


_________________________________________________________
Joseph Reagle Jr.
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/
Received on Thursday, 19 August 1999 17:17:46 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT