
RE: Omitting Location and Transforms from SignedInfo

From: Jim Schaad (Exchange) <jimsch@Exchange.Microsoft.com>
Date: Wed, 17 Nov 1999 15:41:28 -0800
Message-ID: <EAB5B8B61A04684198FF1D0C1B3ACD194A712A@dino.dns.microsoft.com>
To: "'John Boyer'" <jboyer@uwi.com>
Cc: DSig Group <w3c-ietf-xmldsig@w3.org>


> -----Original Message-----
> From: John Boyer [mailto:jboyer@uwi.com]
> Sent: Wednesday, November 17, 1999 3:12 PM
> To: Jim Schaad (Exchange)
> Cc: DSig Group
> Subject: RE: Omitting Location and Transforms from SignedInfo
> 
> 
> Hi Jim,
> 
> I agree with your desire to push this off to a Manifest, but only if we
> change the core syntax so that external references are just plain not
> supported.  See below.
> 
> -----Original Message-----
> From: w3c-ietf-xmldsig-request@w3.org
> [mailto:w3c-ietf-xmldsig-request@w3.org] On Behalf Of Jim Schaad (Exchange)
> Sent: Wednesday, November 17, 1999 1:12 PM
> To: 'Joseph M. Reagle Jr.'
> Cc: DSig Group
> Subject: RE: Omitting Location and Transforms from SignedInfo
> 
> 
> Some responses to this message:
> 
> 1.  The behavior you described is easily obtainable in the current syntax
> by putting all of the object references in a manifest and then putting the
> object reference to the manifest in the document.  We check the signature,
> check the digest on the manifest and stop processing.  The application can
> then do whatever verification it thinks is necessary on the object
> references in the manifest.  (I actually was originally an opponent of
> having more than the reference to the manifest in the signed info, but
> there were a large number of people who wanted the current behavior.)
> 
> <John>
> Yes, I think I'd be one of them.  Shouldn't it be the case that core
> behavior creates a digital signature that covers the data that the user
> actually wanted to sign?  If we use the current syntax, then that means
> that every place the signature travels, it must be possible for core
> behavior to dig up the bytes being referenced by URL (since they may not
> be in a local cache).
> 
> We could change the syntax to that recently proposed in one of my emails.
> This would mean that someone would need to put the data in the current
> document if they want to sign it.  To me this is an acceptable limitation.
> If you want to sign something outside of the document, then use a Manifest.
> This sounds exactly like what you're proposing, except we don't have a
> Location in the core syntax because we don't support external references
> in the core syntax.
> 
> John Boyer
> Software Development Manager
> UWI.Com -- The Internet Forms Company
> 
> </John>
> 

That is not at all what I am proposing.  I think it is just fine to sign
something that is not a manifest and is not in the current document.  What I
am stating is that if the application does not want the behavior that we
automatically go and try to verify what is being signed, then it goes in a
manifest.  If you want to have the core code automatically verify what is
being signed, it can be in the SignedInfo object.  The locality of the data
is unimportant.

jim
Received on Wednesday, 17 November 1999 18:41:30 GMT
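The two validation tiers argued over in this exchange, as an added example that is not code from the page, from either correspondent, or from any XML-DSig implementation: core behaviour verifies the signature over SignedInfo and dereferences every Reference listed there, while References inside a Manifest are covered only through the digest of the Manifest bytes and are followed only when the application decides to. Everything below is an assumption for the sake of a runnable model: element names follow the later XML-DSig Recommendation (SignedInfo, Reference, DigestValue, Manifest, Object), an HMAC stands in for the public-key signature, ElementTree serialisation of whitespace-free XML stands in for canonicalisation, and the "remote" resources are a constructed in-memory dict so the example runs offline and can simulate being unable to fetch them.

```python
"""Simplified model of core versus application-level reference validation.

Added example; not code from the mailing-list page or any real XML-DSig
implementation.  Assumptions: XML-DSig element names from the later
Recommendation, HMAC in place of a real signature, ElementTree serialisation
in place of canonicalisation, constructed sample data throughout.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # constructed; a real signature would use a key pair

# Constructed data: one object embedded in the signature document and one that
# would normally have to be fetched over the network (simulated by a dict).
EMBEDDED = {"contract": b"<contract>pay 100 units</contract>"}
REMOTE = {"http://example.invalid/terms.txt": b"terms of service, version 1"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_signature(embedded_ids, manifest_uris, direct_uris=(), key=KEY):
    """Build a <Signature>.  SignedInfo references the embedded Objects, any
    URIs in direct_uris (external data the core MUST fetch), and one Manifest;
    the Manifest alone carries the references in manifest_uris."""
    sig = ET.Element("Signature")
    signed_info = ET.SubElement(sig, "SignedInfo")
    for obj_id in embedded_ids:
        ref = ET.SubElement(signed_info, "Reference", URI="#" + obj_id)
        ET.SubElement(ref, "DigestValue").text = sha256_hex(EMBEDDED[obj_id])
    for uri in direct_uris:  # external reference placed straight in SignedInfo
        ref = ET.SubElement(signed_info, "Reference", URI=uri)
        ET.SubElement(ref, "DigestValue").text = sha256_hex(REMOTE[uri])
    manifest = ET.Element("Manifest", Id="m1")
    for uri in manifest_uris:
        ref = ET.SubElement(manifest, "Reference", URI=uri)
        ET.SubElement(ref, "DigestValue").text = sha256_hex(REMOTE[uri])
    # SignedInfo covers only the bytes of the Manifest, not what it points at.
    ref = ET.SubElement(signed_info, "Reference", URI="#m1")
    ET.SubElement(ref, "DigestValue").text = sha256_hex(ET.tostring(manifest))
    mac = hmac.new(key, ET.tostring(signed_info), hashlib.sha256).hexdigest()
    ET.SubElement(sig, "SignatureValue").text = mac
    for obj_id in embedded_ids:
        ET.SubElement(sig, "Object", Id=obj_id).text = EMBEDDED[obj_id].decode()
    sig.append(manifest)
    return ET.tostring(sig)


def resolve(uri, doc_root, online):
    """Dereference a Reference URI.  Same-document fragments resolve locally;
    anything else needs the network, which `online=False` simulates losing."""
    if uri.startswith("#"):
        target = doc_root.find(f".//*[@Id='{uri[1:]}']")
        if target is None:
            raise LookupError(uri)
        return ET.tostring(target) if target.tag == "Manifest" else target.text.encode()
    if not online:
        raise ConnectionError(f"offline: cannot fetch {uri}")
    return REMOTE[uri]


def check_references(refs, doc_root, online):
    """Map each Reference URI to True/False (digest match) or None (unreachable)."""
    results = {}
    for ref in refs:
        uri, expected = ref.get("URI"), ref.findtext("DigestValue")
        try:
            results[uri] = sha256_hex(resolve(uri, doc_root, online)) == expected
        except (LookupError, ConnectionError):
            results[uri] = None
    return results


def core_validate(xml_bytes, online, key=KEY):
    """Core behaviour: check the signature over SignedInfo, then dereference and
    digest every Reference in SignedInfo.  Manifest contents are not followed."""
    root = ET.fromstring(xml_bytes)
    signed_info = root.find("SignedInfo")
    mac = hmac.new(key, ET.tostring(signed_info), hashlib.sha256).hexdigest()
    sig_ok = hmac.compare_digest(mac, root.findtext("SignatureValue"))
    refs = check_references(signed_info.findall("Reference"), root, online)
    return sig_ok and all(refs.values()), refs


def validate_manifest(xml_bytes, online):
    """Application behaviour: follow the Manifest's references only on demand."""
    root = ET.fromstring(xml_bytes)
    return check_references(root.find("Manifest").findall("Reference"), root, online)


if __name__ == "__main__":
    terms = "http://example.invalid/terms.txt"
    sig = build_signature(["contract"], [terms])
    print("core, offline:", core_validate(sig, online=False))
    print("manifest, offline:", validate_manifest(sig, online=False))
    print("manifest, online:", validate_manifest(sig, online=True))
    direct = build_signature(["contract"], [], direct_uris=[terms])
    print("external ref in SignedInfo, offline:", core_validate(direct, online=False))
```

Running it shows the trade-off both parties describe: with the external URI in the Manifest, core validation succeeds even with no network, and the application can verify or skip the terms document; with the same URI placed directly in SignedInfo, core validation cannot complete offline. A later change to the remote bytes is caught only by the application-level Manifest check, since the signature covers the Manifest's digest values rather than the remote data itself.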
