W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Re: Simplified Syntax

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 23 Nov 1999 18:43:42 -0500
Message-Id: <3.0.5.32.19991123184342.049d6a60@localhost>
To: "John Boyer" <jboyer@uwi.com>
Cc: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, "Dave Solo" <dsolo@alum.mit.edu>, "DSig Group" <w3c-ietf-xmldsig@w3.org>
At 10:45 99/11/20 -0800, John Boyer wrote:
 >I would like to ask you to consider at length the merits of completely
 >throwing out any notion that core behavior should dig up resources external
 >to the document containing the Signature element.  The proposal below
 >basically takes what we have now and throws out all of the stuff that most
 >people really dislike, so it is not terribly different from what we have
 >now.

This conversation has been useful to me in that a number of things are
clearer in my own head, which is a good thing! Two responses follow, one in
a chair capacity and one in a technical capacity.

Chair: There doesn't seem to be strong support  for change on the list so
far. I think this is mainly for two reasons (1) people aren't keen to change
what we have now and (2) in your proposal it relies upon XPath.
Procedurally, David has said he will work on another rev that the editors
will post next week and it will hopefully speak more clearly on these
issues. At that point we can take a consensus poll in terms of moving
forward and document any minority positions.

Technical: The one thing I like in your proposal is the clarity between the
signature core (cryptographically validating bytes) and manifests. As I
originally envisioned our design, the "core behavior" would do nothing more
than worry about signature (cryptographic) validity. We would also define a
manifest for resources and their content's digests. If we did a good enough
job in defining the manifest semantics we could require Signature
applications to be aware of those semantics! (I knew doing a good job on
that topic would be hard and I think we've seen that it is!) Whether we
called it SignedInfo (and included two other pieces of information) or
occurred within or without the Signature was immaterial in my mind.

What I hope we can do is make a few minimal changes so as to restore this
distinction between a bucket of bits and manifest/reference semantics. An
easy way to do this I think would be to introduce an element within
SignedInfo in which you can place arbitrary data; this might include a set
of ObjectReferences or not. However, I'm not sure I've convinced others this
is a useful thing.

Finally, I feel I've learned the following about ObjectReferences. People
should feel free to tell me if they agree or disagree with any of these
specific points:

1. A digest (and subsequent signature) is over bits. How you get those bits
is immaterial to the digest.
2. Since the "critical bits" of the DigestContent (the stuff digested) is
often not explicitly represented, it is useful to document the way in which
they were derived -- that specification might even permit multiple ways (the
URI is dynamically dereferenced, more than one XML instance transforms into
the final XML instance that is digested, etc.). However this information has
no necessary meaning to the DigestValue itself -- the question is whether
the final value is the same.
2.1 Consequently, my earlier thinking of starting with a source document,
and putting it through various transformations (and achieving closure)
starts at the wrong end of the stick. As TimBL stated when we started
worrying about transforms and context, you are signing the derived content.
3. WE define what our syntax means. We are not "changing its meaning under
the covers." We have to explicitly define the meaning of every bit of syntax
we have. This is why I like to think in terms of assertions with a subject,
predicate and object. I think it is a good idea to say the presence of a
Transforms and a Location element means:
a. There is a set of XML documents that when transformed yield DigestContent
(the content that is finally digested.)
b. At some point in time, the XML document obtained by dereferencing this
URI was just such a document.

BTW: I'm not quite sure why you feel the current spec required XSLT, merely
one of many possible transform algorithms and one I think we should optional
in section 5.1 given it is still a WD (and XPath is now a REC).

_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Tuesday, 23 November 1999 18:43:55 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT