- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Fri, 20 Aug 1999 15:49:51 -0400
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
> I agree. (Though the agreement over c14n being optional is over actual > content referrenced in a package or manifest, not over the > processing of the > package or manifest itself, right? David and Richard's proposals seem to > require c14n of those objects. David, Richard?) If so that should be corrected. The requirement has no justification. It is contrary to the principle agreed. The only argument advanced in favour of C14N has been that some folks want transmission over channels which introduce noise. On the minus side there is the cost of implementation, the possibility of introducing errors in the C14N code, the likelihood that C14n will introduce ambiguities which might provide an attacker with an opportunity and that does not even take account of the complexities of the interaction between the C14N preprocessor and those handling all the packaging, fragmenting etc. that people are proposing. There has never been a requirement that a particular signed object have a unique signature under a particular private key. If so the DSA would fail since signing a document twice is guaranteed to give different results in all but 1 time out of 2^128 attempts. Phill
Received on Friday, 20 August 1999 15:48:06 UTC