- From: John Ross <ross@secstan.com>
- Date: Tue, 26 Oct 1999 10:20:33 +0100
- To: "Barb Fox (Exchange)" <bfox@Exchange.Microsoft.com>, "'Denis Pinkas'" <Denis.Pinkas@bull.net>, "XML-DSIG" <w3c-ietf-xmldsig@w3.org>
- Message-ID: <006e01bf1f93$5f7e9cd0$0400000a@jrwork>
RE: Comments on XML-Signature Core SyntaxAlthough, I agree in principal that the type of information carried as CMS attributes can be part of the XML signed Blob. One of the advantages of the CMS approach is the clear separation between the security related data (the signed attributes) and the application data (the content). With the signed attribute approach, all the data needed by the security process like a signature validation process is readily available at the time of signature validation, without having to decode the signed Blob.
I support Denis and think if the concept of signedAttributes and unSignedAttributes were added it would add value to the XML signature. The signedAttributes and unSignedAttributes should obviously be encoded using XML at the signedData level.
John Ross
-----Original Message-----
From: Barb Fox (Exchange) <bfox@Exchange.Microsoft.com>
To: 'Denis Pinkas' <Denis.Pinkas@bull.net>; XML-DSIG <w3c-ietf-xmldsig@w3.org>
Date: 25 October 1999 15:34
Subject: RE: Comments on XML-Signature Core Syntax
Denis:
The XML dsig working group had several months of discussion on this topic ("CMS features") and specifically rejected signed attributes among others.
In my own postings, I argued that there is no compelling need for attributes (authenticated or not) when you already have the expressive power of XML. If a signer wants to make qualified statements about a particular XML blob, then the signer should make those statements in XML (perhaps including a strong reference/hash of the original
blob) and sign *that*. In any event, you're always signing a particular XML
object.
I think you will also find that while we started with the notion of CMS-style signatures (wrapped only, requiring certificates, etc.) we evolved that model significantly to make it more appropriate to a broad range of web applications. These scenarios appear on the W3C page at http://www.w3.org/Signature/Drafts/xmldsig-scenarios-990818.html
--Barb
-----Original Message-----
From: Denis Pinkas [mailto:Denis.Pinkas@bull.net]
Sent: Monday, October 25, 1999 8:10 AM
To: XML-DSIG
Subject: Comments on XML-Signature Core Syntax
This is first version of the document has already a good shape.
However, I would like to raise several related comments:
It would be nice to be able to get the same features as those
present in CMS (Cryptographic Message Syntax). This seems nearly
there, but not completely. A major feature of CMS is the concept of
signed attributes which should be mirrored in this document.
In section 2.0, SignedInfo is defined as:
the actual data over which the signature is
calculated. It contains control information (algorithm
identifiers, pre-processing transformations) and digest(s) over
the object(s) being signed.
In section 1.3.4 it is said that: "additional objects have been
defined
which may be referenced by SignedInfo. The Manifest element is
provided which similarly contains a collection of references and
objects (like SignedInfo), but leaves it entirely up to the
application which digest or digests it will verify."
This does not seem crystal clear. These additional objects are
equivalent to the signed attribuytes from CMS (what don't we use
that term as well ?) and thus must be verified by the application.
In section 4.0, it is mentioned that:
SignedInfo does not include explicit signature attributes. If an
application needs to associate attributes (such as signing time,
signing device, etc.) with the signature, it may add an
additional
Object that includes that data and reference that Object via an
ObjectReference.
It would be very nice to define such "useful attributes" in the
document itself.
A last, but related comment. In section 1.3.1 it is said:
KeyInfo indicates what key was used to create the signature. It
is
optional because in some applications the key is implied by the
circumstances. A wide variety of KeyInfo forms are available
including
certificates, key names, key agreement algorithms and
information,
etc. The keying information is outside of the signed information
so
that it need not be signed. KeyInfo might contain auxiliary
information it is not desired to reveal to all signature
verifiers. If
KeyInfo were signed, it would be necessary to pass all of it to
all
verifiers. On the other hand, if it is desired to bind the keying
information in to the signature, its digest and a pointer to it
can
easily be included in the signed information.
In order to prevent some substitution attacks of certificates
holding the same public key value, it is necessary to sign the
KeyInfo. Providing a standard way to do this (using the equivalent
of a signed attribute) would be most useful.
Denis
Received on Tuesday, 26 October 1999 05:24:57 UTC