- From: Phillip M Hallam-Baker <pbaker@verisign.com>
- Date: Fri, 20 Aug 1999 17:10:13 -0400
- To: "Joseph M. Reagle Jr." <reagle@w3.org>, <chairs@w3.org>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, <w3c-xml-plenary@w3.org>, "Donald E. Eastlake 3rd" <dee3@us.ibm.com>, "Jon Bosak" <Jon.Bosak@eng.sun.com>
I object to the following requirement: 3.2 The specification must specify at least one mandatory to implement signature canonicalization, content canonicalization, hash, and signature algorithm. No justification is provided for requirng mandatory implementation of a canonicalization algorithm. A canonicalization algorithm is not required to create a signature. The simplest implementation of a signature verifier is to validate the hash of the bits on the wire. The simplest implementation is desired because it is the least likely to have errors. A canonicalization algorithm introduces potential ambiguity into the bit-stream presented and is therefore a security risk. If an application is presented with a bit stream which does not validate it MUST be permitted to reject the signature. It MUST NOT be required to manipulate the data to make the signature verify. I propose the following replacement: 3.2 The specification must specify at least one mandatory to implement hash, and signature algorithm.
Received on Friday, 20 August 1999 17:12:27 UTC