
RE: Omitting Location and Transforms from SignedInfo

From: John Boyer <jboyer@uwi.com>
Date: Wed, 17 Nov 1999 16:47:42 -0800
To: "Jim Schaad (Exchange)" <jimsch@Exchange.Microsoft.com>
Cc: "DSig Group" <w3c-ietf-xmldsig@w3.org>
Hi Jim,

> <John>
> Are you saying that it's not that important that we sign the
> actual data
> that a person using a private key actually wanted to sign???
> </John>

Yes and No.  I agree that it is important to sign the data, however signing
a digest of the data, and thus signing the original data indirectly, is not
a problem.  If you look at CMS, given that most people include authenticated
attributes, you never actually sign the data.  You sign the digest of the
data and the authenticated attributes.

Yikes! Validating the digest of a resource is not enough.  If the resource
changes, the signature should break.

As my previous mail has stated, Location is a hint for where the document
is.  It is not the be-all and end-all for locating the document.  If the
application wants to enforce that this is the only location -- that is fine.
If the application wants to say that the data is someplace else -- that is
fine.  The fact that you update the document at a URL location will not
allow you to repudiate the fact that you signed the document.  I can cache
the document locally and take that copy into court when attempting to
enforce your signature.

It's not a hint right now!  How is core behavior, independent of
application-specific behavior, going to validate a given signature if it
does not know how to dereference a location?  It cannot depend on
application-specific caching mechanisms.

Received on Wednesday, 17 November 1999 19:48:40 UTC
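The two positions above turn on which validation steps a verifier performs. The following is an added example (it is not code from the mail, from the XML Signature working group or from any CMS implementation) that models them with the Python standard library: a SignedInfo holding one Reference (a location plus a digest), a signature over SignedInfo, and separate "signature" and "reference" checks. HMAC-SHA256 stands in for a real public-key signature, and an in-memory dictionary stands in for dereferencing a URL; the `example.invalid` location and the contract bytes are constructed sample data.

```python
"""Toy model of XML-Signature-style core validation, split into the
signature step (is SignedInfo intact?) and the reference step (does
the resource at the Reference's location still match its digest?).
Added example, not code from the archived thread."""
import hashlib
import hmac
import json

# Assumption: a shared HMAC key replaces the signer's key pair so the
# example runs offline with no cryptographic library.
KEY = b"constructed-demo-key"


def digest(data: bytes) -> str:
    """Digest of a referenced resource, as stored in the Reference."""
    return hashlib.sha256(data).hexdigest()


def build_signed_info(location: str, data: bytes) -> dict:
    """SignedInfo with one Reference: the resource is signed only
    indirectly, through its digest."""
    return {"reference": {"location": location, "digest": digest(data)}}


def sign(signed_info: dict) -> str:
    """Sign a canonical serialization of SignedInfo (JSON with sorted
    keys stands in for canonical XML)."""
    canonical = json.dumps(signed_info, sort_keys=True,
                           separators=(",", ":")).encode()
    return hmac.new(KEY, canonical, hashlib.sha256).hexdigest()


def signature_valid(signed_info: dict, sig: str) -> bool:
    """Signature step: SignedInfo itself has not been tampered with.
    Note this never looks at the resource."""
    return hmac.compare_digest(sign(signed_info), sig)


def reference_valid(signed_info: dict, dereference) -> bool:
    """Reference step: fetch the resource named by the location and
    compare its digest with the one that was signed."""
    ref = signed_info["reference"]
    data = dereference(ref["location"])
    if data is None:  # location could not be dereferenced
        return False
    return hmac.compare_digest(digest(data), ref["digest"])


def core_validate(signed_info: dict, sig: str, dereference) -> dict:
    """Run both steps; a verifier that stops after the first one cannot
    notice that the referenced resource changed."""
    return {
        "signature": signature_valid(signed_info, sig),
        "reference": reference_valid(signed_info, dereference),
    }


def demo() -> dict:
    """Sign a resource, then validate against the live location after
    the resource changes and against a locally cached copy."""
    url = "http://example.invalid/contract.xml"      # constructed
    original = b"<contract>pay 100</contract>"        # constructed
    live_store = {url: original}                      # stands in for the web

    signed_info = build_signed_info(url, original)
    sig = sign(signed_info)
    before = core_validate(signed_info, sig, live_store.get)

    # The resource at the location is replaced after signing.
    live_store[url] = b"<contract>pay 1000</contract>"
    after_change = core_validate(signed_info, sig, live_store.get)

    # A relying party kept its own copy of what was signed.
    cached_copy = {url: original}
    from_cache = core_validate(signed_info, sig, cached_copy.get)

    return {"before": before, "after_change": after_change,
            "cached_copy": from_cache}


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The signature step passes in all three cases because SignedInfo never changed; only the reference step, which must dereference the location, detects the replaced resource, and a verifier holding a cached copy of the original still validates both steps. Which dereferencing behaviour belongs in core validation and which is left to the application is exactly the open question in the thread.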
