W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

Re: XML-Signatures Requirements Last Call

From: EKR <ekr@rtfm.com>
Date: 20 Aug 1999 14:50:21 -0700
To: "Phillip M Hallam-Baker" <pbaker@verisign.com>
Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, <w3c-xml-plenary@w3.org>
Message-ID: <kju2pujf4y.fsf@romeo.rtfm.com>
"Phillip M Hallam-Baker" <pbaker@verisign.com> writes:

> I object to the following requirement:
> 
> 
> 3.2 The specification must specify at least one mandatory to implement
> signature canonicalization, content canonicalization, hash, and signature
> algorithm.
> 
> 
> No justification is provided for requirng mandatory implementation of a
> canonicalization algorithm. A canonicalization algorithm is not required
> to create a signature.
> 
> The simplest implementation of a signature verifier is to validate the
> hash of the bits on the wire.
> 
> The simplest implementation is desired because it is the least likely
> to have errors.
> 
> A canonicalization algorithm introduces potential ambiguity into the
> bit-stream presented and is therefore a security risk. If an application
> is presented with a bit stream which does not validate it MUST be
> permitted to reject the signature. It MUST NOT be required to manipulate
> the data to make the signature verify.
> 
> 
> I propose the following replacement:
> 
> 3.2 The specification must specify at least one mandatory to implement hash,
> and signature algorithm.
If we're counting noses, I agree with Phill.

I'm not comfortable that any of the canonicalization algorithms
hitherto proposed definitely do not damage the data in ways
that are security relevant.

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
          PureTLS - free SSLv3/TLS software for Java
                http://www.rtfm.com/puretls/
Received on Friday, 20 August 1999 17:49:54 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT