W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re[2]:RE: 991118 Telecon Minutes

From: <rhimes@nmcourt.fed.us>
Date: Mon, 22 Nov 1999 17:42:47 -0700
Message-Id: <9911229433.AA943318140@nmcourt.fed.us>
To: <w3c-ietf-xmldsig@w3.org>

Please disregard.  I understand Mark's point now and posted a more accurate
response in my last post.  I now think we should allow a few specific unsigned
transforms (e.g. base64-decode the content of an element), but not generic ones.

Thanks,
Rich

____________________Reply Separator____________________
Subject:    Re:RE: 991118 Telecon Minutes   
Author: <w3c-ietf-xmldsig@w3.org>
Date:       11/22/99 5:58 PM


John,

>In general, arbitrary transforms should not be omitted from (or allowed
>outside of) SignedInfo.  Mark Bartel has a fine email that runs through an
>example of why this is so.

The way I read Mark's example, the output of the spoof transform would fail
signature validation, so I'm still not convinced that signing transforms buys
anything.  Anything goes if we aren't validating.  I view transforms (including
c14n) as being very closely related to locations.  Both are windows that allow
us to see through to the signed bits.  Those signed bits can be passed through
new windows, but that's OK as long as you can specify a way (a new "path" of
windows) to get back to them.

Thanks,
Rich


 



Received on Monday, 22 November 1999 19:48:55 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT