- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Sun, 24 Oct 1999 18:59:19 -0400
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, chairs@w3.org

Certainly when a name space occurs once or a few times, it's not worth
worrying about a few characters. But the latest w3c-c14n draft I have
seen repeats the namespace for every attribute at an element even if
they all have the same namespace. Thus, for an element with 20
attributes all in the same namespace, we get 20 different synthesized
prefixes and 20 copies of the namespace when one prefix and namespace
would do.

From: "Joseph M. Reagle Jr." <reagle@w3.org>
Message-Id: <3.0.5.32.19991022104252.00aecd70@localhost>
X-Sender: reagle@localhost
Date: Fri, 22 Oct 1999 10:42:52 -0400
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, "Jim Schaad (Exchange)" <jimsch@EXCHANGE.MICROSOFT.com>
Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, chairs@w3.org
In-Reply-To: <199910220132.VAA31428@torque.pothole.com>
References: <Your message of "Thu, 21 Oct 1999 16:06:57 PDT." <EAB5B8B61 A04684198FF1D0C1B3ACD194A70AF@DINO>

>In response to [1]; cc'd to chairs since I think it is a common issue to all
>W3C WGs.
>
>[1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/1999OctDec/0132.html
>
>At 21:32 99/10/21 -0400, Donald E. Eastlake 3rd wrote:
> >Seems like a good argument for a shorter namespace URI, like
> >"http://w3.org/sig-v1".
>>>At Thu, 21 Oct 1999 16:06:57 -0700 , Jim Schaad wrote:
>>>In this example, the first 62% of the document (roughly 840 characters) is
>>>the same for all signed messages. (This assumes that the same
>>>canonicalization and signature algorithm are routinely used.) This means
>
>I would certainly like smaller namespaces, but (unfortunately) the namespace
>I provided is in compliance with the editorial/namespace allocation policies
>of the W3C -- though I'm not sure where they are formally documented, but
>TimBL stated www.w3.org is the host name of the W3C, so not much to do
>there. I don't think W3C would allocate a top level directory for a
>namespace and the W3C tends to lean towards dated spaces...

I guess if you are going to actually retrieve something from a
namespace URI for a W3C namespace, and you are using a typical URL,
then having the authority portion of the URL be "www.w3.org" is
reasonable. But if it's just an identifier with nothing stored at it,
I don't see that the "www." adds anything. It seems more logical for
the authority to be the W3C rather than the W3C's web site. In any
case, it is not clear that the W3C should be the authority for a joint
IETF/W3C standard.

>1. For xml-namespace purposes I don't see this as too much of a readability
>problem since you can declare it once and use a prefix.

Right.

>2. For xml-namespaces when expanded in c14n form and hashed, we have a unique
>problem that we are going to have _lots_ of redundancy that can lead to
>weaker signatures. I hope we create a nonce element that one can stick at
>the beginning of the signature.

If your message digest function is worth much, the addition of lots of
redundant stuff should have no effect on the strength of the
signature. All that matters is how much entropy is present. Addition
of a nonce might be good (although whether the nonce is at the start
or end or both of the data has only a minor effect). But the
unnecessary repetition of namespaces as proposed in the current
w3c-c14n draft is merely inefficient, not security reducing.

>3. For readable property types I do see this as a big problem, stuff like:
> http://www.w3.org/1999/10/signature-core/manifest
>is pretty ugly. It'd be nice if there were an "entity" or "macro" (similar to
>prefix) that one could use to map namespaces to something more terse.
>_________________________________________________________
>Joseph Reagle Jr.
>Policy Analyst mailto:reagle@w3.org
>XML-Signature Co-Chair http://w3.org/People/Reagle/

Donald
===================================================================
 Donald E. Eastlake 3rd   +1 914-276-2668   dee3@torque.pothole.com
 65 Shindegan Hill Rd, RR#1   +1 914-784-7913(w)   dee3@us.ibm.com
 Carmel, NY 10512 USA

Received on Sunday, 24 October 1999 18:59:32 UTC