
RE: Omitting Location and Transforms from SignedInfo

From: John Boyer <jboyer@uwi.com>
Date: Wed, 17 Nov 1999 16:47:42 -0800
To: "Jim Schaad (Exchange)" <jimsch@Exchange.Microsoft.com>
Cc: "DSig Group" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBLAOMJKOFPMBCHJOIMEECCCAA.jboyer@uwi.com>
Hi Jim,

> <John>
> Are you saying that it's not that important that we sign the
> actual data
> that a person using a private key actually wanted to sign???
> </John>

Yes and No.  I agree that it is important to sign the data; however, signing
a digest of the data, and thus signing the original data indirectly, is not
a problem.  If you look at CMS, given that most people include authenticated
attributes, you never actually sign the data.  You sign the digest of the
data and the authenticated attributes.

<John>
Yikes! Validating the digest of a resource is not enough.  If the resource
changes, the signature should break.
</John>

As my previous mail stated, Location is a hint for where the document
is.  It is not the be-all and end-all for locating the document.  If the
application wants to enforce that this is the only location -- that is fine.
If the application wants to say that the data is someplace else -- that is
fine.  The fact that you update the document at a URL location will not
allow you to repudiate the fact that you signed the document.  I can cache
the document locally and take that copy into court when attempting to
enforce your signature.

<John>
It's not a hint right now!  How is core behavior, independent of
application-specific behavior, going to validate a given signature if it
does not know how to dereference a location.  It cannot depend on
application specific caching mechanisms.
</John>

jim
Received on Wednesday, 17 November 1999 19:48:40 GMT
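The two positions above (Jim: signing the digest signs the data indirectly, and a cached copy defeats repudiation; John: core validation must be able to dereference the Location, and a change to the resource must break the signature) can be run side by side. The following is an added example, not code from this thread or from any XML Signature draft or implementation. It assumes a simplified line-oriented stand-in for SignedInfo instead of canonicalized XML, HMAC-SHA256 in place of a public-key SignatureMethod, SHA-256 as the DigestMethod, and a constructed in-memory dictionary standing in for the web that a Location would be dereferenced against; the URI, contract bytes and key are invented for the demo.

```python
import hashlib
import hmac
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical resource and URI, constructed for this example only.
CONTRACT_URI = "http://example.test/contract.xml"
CONTRACT = b"<contract><amount>100</amount></contract>"

# A resolver dereferences a Location/URI and returns its bytes, or None.
Resolver = Callable[[str], Optional[bytes]]


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_signed_info(references: List[Tuple[str, bytes]]) -> bytes:
    """Simplified stand-in for SignedInfo: one Reference line per resource,
    carrying the URI and the digest of the bytes the signer actually saw.
    The signature is taken over this text, so the data is signed only
    indirectly, through its digest (the CMS-style arrangement Jim describes)."""
    lines = ["SignatureMethod=hmac-sha256", "DigestMethod=sha256"]
    for uri, data in references:
        lines.append(f"Reference URI={uri} DigestValue={digest(data)}")
    return "\n".join(lines).encode()


def sign(signed_info: bytes, key: bytes) -> str:
    # HMAC stands in for a public-key signature; the point is WHAT is signed.
    return hmac.new(key, signed_info, hashlib.sha256).hexdigest()


def parse_references(signed_info: bytes) -> List[Tuple[str, str]]:
    refs = []
    for line in signed_info.decode().splitlines():
        if line.startswith("Reference "):
            fields = dict(f.split("=", 1) for f in line[len("Reference "):].split(" "))
            refs.append((fields["URI"], fields["DigestValue"]))
    return refs


def validate(signed_info: bytes, signature: str, key: bytes,
             resolve: Resolver) -> Dict[str, str]:
    """Core validation in two steps, reported separately:
    1. signature validation over SignedInfo (catches edits to URIs/digests);
    2. reference validation: dereference each URI via `resolve`, re-digest,
       compare.  A URI the core cannot dereference leaves that reference
       unvalidated, which is John's objection to treating Location as a hint."""
    result = {}
    expected = sign(signed_info, key)
    result["SignedInfo"] = ("ok" if hmac.compare_digest(expected, signature)
                            else "signature-mismatch")
    for uri, digest_value in parse_references(signed_info):
        data = resolve(uri)
        if data is None:
            result[uri] = "unresolvable"
        elif digest(data) != digest_value:
            result[uri] = "digest-mismatch"
        else:
            result[uri] = "ok"
    return result


def is_valid(result: Dict[str, str]) -> bool:
    return all(status == "ok" for status in result.values())


def demo() -> Dict[str, Dict[str, str]]:
    """Run the scenarios from the thread against an in-memory 'web'."""
    key = b"demo-hmac-key"
    web = {CONTRACT_URI: CONTRACT}        # what the URI serves today (constructed)
    cached = {CONTRACT_URI: CONTRACT}     # signer's own copy, kept as evidence
    signed_info = build_signed_info([(CONTRACT_URI, CONTRACT)])
    signature = sign(signed_info, key)

    outcomes = {"unchanged": validate(signed_info, signature, key, web.get)}
    # Resource at the URI is replaced: SignedInfo still verifies, reference fails.
    web[CONTRACT_URI] = b"<contract><amount>1000</amount></contract>"
    outcomes["after-change"] = validate(signed_info, signature, key, web.get)
    # The cached copy still matches: the signer cannot repudiate what was signed.
    outcomes["cached"] = validate(signed_info, signature, key, cached.get)
    # Core code with no way to dereference the URI cannot finish validation.
    outcomes["no-resolver"] = validate(signed_info, signature, key, lambda _uri: None)
    # Tampering with SignedInfo itself (re-pointing the Reference) breaks the signature.
    tampered = signed_info.replace(CONTRACT_URI.encode(), b"http://example.test/other.xml")
    outcomes["tampered-signedinfo"] = validate(tampered, signature, key, web.get)
    return outcomes


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} valid={is_valid(result)} {result}")
```

Reading the outcomes: "after-change" shows the signature over SignedInfo still verifying while the reference digest no longer matches, which is exactly the "signature should break" behaviour John wants, but it only happens because the validator could dereference the URI; "cached" shows Jim's point that a copy kept by the relying party validates regardless of what the URL serves later; "no-resolver" shows that a core validator with no dereferencing rule can neither confirm nor deny the reference, so Location cannot be a mere hint at that layer.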

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT