- From: Andreas Schmidt <aschmidt@darmstadt.gmd.de>
- Date: Tue, 02 Nov 1999 12:27:44 +0100
- To: XMLDSig WG mailing list <w3c-ietf-xmldsig@w3.org>
Hi,

I'd like to give this discussion another twist (which may be a bit offside). There are basically two ways to point to the signed object in the core syntax:

1. internal reference (through whatever method) and
2. external link.

(the case of the missing link [forgive the pun] omitted).

On the other hand, two 'exceptional modes' of signing, orthogonal to 1. & 2., appeared in the discussion:

A. signatures where the digest isn't checked automatically with the sig. I'd call that 'logically detached' signatures just to have a word for it, and
B. signatures with relocatable object.

It has been argued, and put together in [1] by Donald, that the core syntax has enough expressivity to cover A. by indirection through a manifest and even B. by maybe higher order indirection. I fully subscribe to that in principle. Nevertheless, one possible problem could be that by the indirection method, one is bound to use B. cumulatively to A., i.e., it is difficult or even impossible to have signatures with relocatable object but the digest automatically validated.

[1] http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/1999OctDec/0220.html

But I wanted to look at (1,2) (A,B) and their combinations from another perspective: If anyone ever wanted to write something like a 'generic XSL stylesheet for the trustworthy presentation of XML-Signatures' (not the signed data) he/she would certainly have to fulfill the requirement to distinguish unambiguously between 1,2,A,B in the presentation. This is becoming exceedingly difficult when the indirection method is used - does a Location pointing to a Manifest pointing to a Manifest ... pointing to a part of the same document plainly mean 1,B or is there another 'meaning' hidden behind the cascade of references?

If I were in the position of the abovementioned researcher, I would appreciate having a simple syntactic expressivity in XML-DSig to make these four and other possible signing modes (if they are not too exotic) explicit. That would help in the general task of binding the presentation as closely as possible to the syntactic content of the signature, which might in turn be an issue when it comes to judging the (legal) conclusiveness of XML-signed documents.

Personally, I like the WG's approach to make the core syntax as flexible, pure and axiomatic as possible, so I would hesitate to propose anything like ( Location | Detached | Relocateable ) in full earnest.

Is this an issue for the WG at all? If not, one would have to live with it and possibly be led to ruling out XML-Signatures with higher than, say, first order indirection as irrepresentable with unambiguous meaning and therefore of only limited probative force.

Thanks,
Andreas

--------------------------------------------------------------------
Dr. Andreas U. Schmidt, Dept. SIT  | mailto:aschmidt@darmstadt.gmd.de
GMD German National Research       | phone :+49-6151-869-712
Center for Information Technology  | fax   :+49-6151-869-704
--------------------------------------------------------------------
Received on Tuesday, 2 November 1999 06:30:38 UTC