W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 1999

Re: Minutes from Today's Call Please Review/Correct

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Mon, 23 Aug 1999 10:52:43 -0400
Message-Id: <199908231452.KAA15193@torque.pothole.com>
To: "Phillip M Hallam-Baker" <pbaker@verisign.com>
cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Phil,

From:  "Phillip M Hallam-Baker" <pbaker@verisign.com>
To:  "Joseph M. Reagle Jr." <reagle@w3.org>
Cc:  "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Date:  Fri, 20 Aug 1999 15:49:51 -0400
Message-ID:  <005201beeb45$2ac3d320$6e07a8c0@pbaker-pc.verisign.com>

>The only argument advanced in favour of C14N has been that some folks 
>want transmission over channels which introduce noise. On the minus

That is only true for a very, VERY broad stretched definition of
"noisy" channel.  Is a 7 bit channel which requires a reservable
re-encoding into UTF-7 noisy?  Is a system which parses messages into
DOM trees, re-assebmles various parts of them including some
signatures into a new message and signs parts of that a "noisy
channel"?

As far as I can see, cannonicalization is absolutely essential for a
vast range of applications of XMLDSIG, particularly cases where the
objects being signed are XML.  It does not serve the purpose of this
WG to create a standard which can only be used in an extremely secure
and extremely useless way.

>side there is the cost of implementation, the possibility of introducing
>errors in the C14N code, the likelihood that C14n will introduce
>ambiguities which might provide an attacker with an opportunity
>and that does not even take account of the complexities of the
>interaction between the C14N preprocessor and those handling all the
>packaging, fragmenting etc. that people are proposing.
>
>There has never been a requirement that a particular signed object
>have a unique signature under a particular private key. If so the
>DSA would fail since signing a document twice is guaranteed to give
>different results in all but 1 time out of 2^128 attempts.

So?  This has nothing to do with canonicalization.  Why are you
confusing the issue with deliberate FUD?

The requiremens, of course, is that you need to be able to verify the
signature on an object.  Othewise its useless.  And for a vast number
of applications, the "object" is NOT an immutable binary object but
some subset thereof which can only be found by deliberately throwing
away and not signing many pieces and/or accidents of representation of
the object.

>		Phill

Donald
Received on Monday, 23 August 1999 10:54:32 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:07 GMT