W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re[2]: Omitting Location and Transforms from SignedInfo

From: <rhimes@nmcourt.fed.us>
Date: Tue, 16 Nov 1999 17:16:10 -0700
Message-Id: <9911179428.AA942849866@nmcourt.fed.us>
To: <w3c-ietf-xmldsig@w3.org>, <jboyer@uwi.com>, <gwhitehead@signio.com>, <w3c-ietf-xmldsig@w3.org>

>> This is quite problematic.  Our core processing rules state that we 
>> verify SignedInfo, then we verify the digest values of the 
>> ObjectReferences.  HOW IS CORE BEHAVIOR GOING TO DO THIS IF CORE 
>> BEHAVIOR DOESN'T KNOW HOW TO RETRIEVE THE DATA?

> I am still wondering if this is a typical case. How often do you find a
> signature somewhere on the floor where you then need to get the data you
> want to verify? Most of the time you will get the signature with the data
> anyway. Somtimes you will have the data and look for a signature. And 
> then, any name is sufficient, need not be a location in the first place.

> Peter

It really concerns me that there is so little concern about locating objects. 
Sounds like we are supposed to give the document some permanent
location-independent name and some magic outside our specification will be able
to find it (not our problem).  Maybe I could have
US_District_Court_of_New_Mexico.CourtFiling.Case_98cv123.Document_123
which would give me a unique global name for one of our filings.  Now do I need
to register this name with some global naming authority that will keep track of
the current official location? Is the official location the District Court?  Was
it handed over to a certified vendor that handles storage?  Is it officially at
the Court of Appeals?  Sent back to state court (incidentally with a different
case number invalidating the "permanent" name).  Is it in the National Archive? 

Is a floating location any better?  Suppose I keep the bare signed XML in an
object database and store huge signed multi-megabyte scanned documents on a file
system.  I would like to be able to move the huge files without breaking the
signature, or have an audit trail of the moves in XML (e.g. in RDF), even if
they are archived, etc.  So, it was suggested that we could leave the frozen
bad-location signatures as-is and just kludge a tag that says it has moved (no
formal proposal has been incorporated.)  How will validation engines support
validation, now that they can't find the document automatically through the
<Kludge> tag?  Not our problem again?  Yes, it is, because we created the
problem and have glibly said it isn't ours, or that it isn't even a problem.  To
me, this isn't an academic exercise.  I'd appreciate it if someone could clarify
a viable solution that works with our spec.  The problem is the need for:

an XML document containing "permanent" valid signatures that reference (internal
or) external documents which will change location and the likelihood of
off-the-shelf software that will be able to verify those signatures by being
able to easily locate those documents and verify the signed hashes.

Thanks,
Rich
Received on Wednesday, 17 November 1999 09:44:09 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT