
AW: ObjectReference shouldn't be signed, was RE: Location

From: Peter Lipp <Peter.Lipp@iaik.at>
Date: Mon, 8 Nov 1999 16:11:35 -0500
To: <rhimes@nmcourt.fed.us>, <w3c-ietf-xmldsig@w3.org>, <reagle@w3.org>
>transform on Object (rather than its content), to allow exclusion of a
>location/transform within Object (transform is not currently specified in
>object).  I'd like this to be more natural though, by adding an attribute
>ObjectReference, for example.

Not sure I understand that completely, so forgive me if I'm wrong. But while
the location of the data does not change the digest value of the object to
be signed, the transform does, so there is no way of changing transform
without the need for changing the signature. Now, I understand that
excluding it doesn't mean we don't know about it. But then, I see no point
in excluding the transform if we need it, and furthermore I strongly suspect
security issues at risk if the transform can be changed. Those issues don't
come up with the location.

Concerning location, it might be cleaner to move it out to a manifest, if it
needs to be signed, as it clearly is something that can vary, or to exclude
it by default, but I am not so sure here.

Let's look at location and where it's needed. If I create a signature, I
will most often pack it with the document somehow. Here location is not an
issue. If I create a detached signature, like say a PICS label bureau or
similar, I will need the location authenticated anyway as I would be opting
for it. And if that location is no longer correct, that wouldn't matter.

I don't see a real case where the location would change and I still would
need the same signature (containing the location) to verify. Can I be in
possession of a document and unable to find a signature with that specific
location in? I can imagine cases like downloading a document and a signature
to my hard disk, where the signature contains the former location. In that
case my signature verifying application should know that in this case the
non-verifying location is no longer correct and tell me. Like Outlook tells
me that a signature is cryptographically ok but I don't trust it because...
similar case to me!

My conclusion: location is fine as is.

Dr. Peter Lipp
Inffeldgasse 16a, A-8010 Graz, Austria
Tel: +43 316 873 5513
Fax: +43 316 873 5520
Web: www.iaik.at

Received on Monday, 8 November 1999 16:11:42 UTC
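
An added illustration of the message's argument, not part of the original post and not code from the XML-DSig drafts: the digest is taken over the transformed octets, so editing the transform breaks verification, while moving the document only matters if the signer chose to cover the location. The transform names, the sample data, the URLs and the HMAC used in place of a real signature algorithm are all assumptions made for this sketch.

```python
import base64
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signature
# Constructed sample object content: base64 text with embedded whitespace.
DATA = b"aGVs bG8g\nd29y bGQ="

# Hypothetical transform names, defined only for this example.
TRANSFORMS = {
    "identity": lambda octets: octets,
    "strip-whitespace": lambda octets: b"".join(octets.split()),
    "base64-decode": base64.b64decode,
}

def digest(octets, transform):
    """Digest the transformed octets; the location never enters the hash."""
    return hashlib.sha256(TRANSFORMS[transform](octets)).hexdigest()

def make_reference(octets, transform, location):
    return {"location": location, "transform": transform,
            "digest": digest(octets, transform)}

def sign(ref, sign_location):
    """MAC over the reference fields the signer chose to cover."""
    covered = [ref["transform"], ref["digest"]]
    if sign_location:
        covered.append(ref["location"])
    return hmac.new(KEY, "\n".join(covered).encode(), hashlib.sha256).hexdigest()

def verify(ref, sig, fetched, sign_location):
    """Valid only if the covered fields are intact and the digest recomputes."""
    sig_ok = hmac.compare_digest(sig, sign(ref, sign_location))
    return sig_ok and digest(fetched, ref["transform"]) == ref["digest"]

def demo():
    ref = make_reference(DATA, "base64-decode", "http://example.org/doc")
    moved = dict(ref, location="file:///home/user/doc")  # document saved locally
    retransformed = dict(ref, transform="identity")      # transform edited
    return {
        "moved, location unsigned": verify(moved, sign(ref, False), DATA, False),
        "moved, location signed": verify(moved, sign(ref, True), DATA, True),
        "transform changed": verify(retransformed, sign(ref, False), DATA, False),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verifies' if ok else 'fails'}")
```

The "moved, location signed" case is the downloaded-to-disk situation from the message: the digest still recomputes, and only the covered location no longer matches.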
