W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: ObjectReference shouldn't be signed

From: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
Date: Tue, 02 Nov 1999 12:27:44 +0100
Message-ID: <381ECAB0.89CE534B@darmstadt.gmd.de>
To: XMLDSig WG mailing list <w3c-ietf-xmldsig@w3.org>
Hi, 

I'd like to give this discussion another twist (which may be a bit
offside). There are basically two ways to point to the signed object in
the core syntax: 

1. internal reference (through whatever method) and 
2. external link. 

(the case of the missing link [forgive the pun] omitted).
On the other hand, two 'exceptional modes' of signing, orhtogonal to 1.
& 2. appeared in the discussion

A. signatures, where the digest isn't checked automatically with 
   the sig. I'd call that 'logically detached' signatures just to 
   have a word for it, and
B. signatures with relocatable object.

It has been argued, and put together in [1] by Donald, that the core
syntax has enough expressivity to cover A. by indirection through a
manifest and even B. by maybe higher order indirection. I fully
subscribe to that in principle. Nevertheless, one possible problem could
be that by the indirection method, one is bound to use B. cumulatively
to A., i.e., it is difficult  or even impossible to have signatures with
relocatable object but the digest automatically validated.

[1]
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/1999OctDec/0220.html

But I wanted to look at (1,2) (A,B) and their combinations from another
perspective: If anyone ever wanted to write something like a 'generic
XSL stylesheet for the trustworthy presentation of XML-Signatures' (not
the signed data) he/she would certainly have to fulfill the requirement
to distinguish unambiguously between 1,2,A,B in the presentation. This
is becoming exceedingly difficult when the indirection method is used -
does a Location pointing to a Manifest pointing to a Manifest ...
pointing to a part of the same document plainly mean 1,B or  is there
another 'meaning' hidden behind the cascade of references? 

If I were in the position of the aboevementionend researcher, I would
appreciate to have a simple syntactic expressivity in XML-DSig to make
these four and other possible signing modes (if they are not too exotic)
explicit. That would help in the general task of binding the
presentation as closely as possible to the syntactic content of the
signature which might in turn be an issue when it comes to judging the
(legal) conclusiveness of XML-signed documents.

Personally, I like the WG's approach to make the core syntax as
flexible, pure and axiomatic as possible, so I would hesitate to propose
anything like ( Location | Detached | Relocateable ) in full earnest. 

Is this an issue for the WG at all? If not, one would have to lvie with
it and possibly be lead to ruling out XML-Signatures with higher than,
say,  first order indirection as irrepresentible with unambiguous
meaning and therefore of only limited probative force.

Thanks,
Andreas
--------------------------------------------------------------------
Dr. Andreas U. Schmidt, Dept. SIT | mailto:aschmidt@darmstadt.gmd.de
GMD German National Research      | phone :+49-6151-869-712       
Center for Information Technology | fax   :+49-6151-869-704
--------------------------------------------------------------------
Received on Tuesday, 2 November 1999 06:30:38 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT