- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Thu, 09 Dec 1999 09:29:26 -0500
- To: w3c-ietf-xmldsig@w3.org
- cc: dee3@us.ibm.com
I've been bothered for some time by various aspects of the current syntax... it seemed a waste to wrap Manifest, which will probably be a very popular element, in the extra "Object" element... it's probably a good idea to group the repeating ObjectReference element in SignedInfo a separate signature from digest verification (a thought Joseph has had also). Then again, the inclusion of the Object start/end tags in the non-transformed digest of that element, which requires you to use a transform, a simple transform but a transform none the less, for the common case of wanting to sign binary data that is encoded so it can be inside XML, etc...

I'd like to suggest we discuss the following changes, using the rough notation from Section 2 of the current draft:

  <Signature>
    (SignedInfo)
    (SignatureValue)
    (KeyInfo)?
    (Manifest)?
  </Signature>

  <SignedInfo>
    (CanonicalizationMethod)?
    (SignatureMethod)
    (Manifest)
  </SignedInfo>

  <Manifest>
    (Reference)*
    (Object)*
    (SignatureProperty)*
  </Manifest>

  <Reference (URI=|IDREF=)? Type= >
    (Transforms)?
    (DigestMethod)
    (DigestValue)
  </Reference>

  <Object Encoding=? />

Various details such as ID attributes are omitted. There are several ideas here, some of which are not clear from just the structure above.

Object is just used for data, not generally to enclose Manifest or SignatureProperties. The rule on calculating a DigestValue if you are digesting data in an Object is to NOT include the start and end tags and to automatically undo the Encoding declared for that data. Thus, in the simple case, no transforms are necessary even as data moves between an Object wrapping and a straight binary form. When other XML elements are Reference'ed, the start and end tags would be included, but I don't think a single special case check like this is much of a burden. You can incorporate data directly inside SignedInfo in an Object although if you do that, you can't move it out.

Manifest is promoted to at least the same prominence as Object and used to cause repeating elements in the current syntax to be wrapped (except inside Manifest). The verification of the signature over SignedInfo is more clearly separate from the verification of the digest values inside the Manifest inside SignedInfo, an arrangement which should make exposition easier and would encourage implementations to provide a Manifest verification facility.

Of course, there are also many minor variations possible on this.

Thanks,
Donald

=====================================================================
Donald E. Eastlake 3rd          +1 914-276-2668          dee3@torque.pothole.com
65 Shindegan Hill Road, RR#1    +1 914-784-7913(work)    dee3@us.ibm.com
Carmel, NY 10512 USA
Received on Thursday, 9 December 1999 09:29:36 UTC
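The digest rule the post proposes (for an Object, drop the start/end tags and undo the declared Encoding; for any other referenced element, digest the serialized element with its tags) can be shown on a small document written in the proposed syntax. The following is an added illustration, not code from the post, the xmldsig working group, or any XML Signature library. The element names follow the post; the `Id`/`IDREF` attribute names, the `Algorithm` attribute values, the `<Note>` element and the payload bytes are constructed for the example. The point it makes is the one the post argues: the DigestValue of the base64-wrapped Object equals the digest of the raw bytes, so no Transform is needed when the same data moves between an Object wrapping and a straight binary form.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample payload; in the "straight binary form" it is signed as-is.
RAW_PAYLOAD = b"\x00\x01 binary payload \xff\xfe"

# Constructed document in the proposed syntax. Id/IDREF and Algorithm values are
# assumptions for the illustration; <Note> stands in for "other XML elements"
# that a Reference may point at.
SAMPLE = f"""<Signature>
  <SignedInfo>
    <SignatureMethod Algorithm="hmac-sha1"/>
    <Manifest>
      <Reference IDREF="blob" Type="Object">
        <DigestMethod Algorithm="sha1"/>
        <DigestValue/>
      </Reference>
      <Reference IDREF="note" Type="Element">
        <DigestMethod Algorithm="sha1"/>
        <DigestValue/>
      </Reference>
      <Object Id="blob" Encoding="base64">{base64.b64encode(RAW_PAYLOAD).decode("ascii")}</Object>
    </Manifest>
  </SignedInfo>
  <SignatureValue/>
  <Note Id="note">hello</Note>
</Signature>"""


def digest_of_bytes(data, algorithm="sha1"):
    """Hex digest of a straight binary form."""
    return hashlib.new(algorithm, data).hexdigest()


def find_by_id(root, ident):
    """Resolve an IDREF to the element carrying that Id (assumed attribute name)."""
    for element in root.iter():
        if element.get("Id") == ident:
            return element
    raise KeyError(f"no element with Id={ident!r}")


def digest_input(root, reference):
    """Bytes the DigestValue of `reference` is computed over, per the proposed rule."""
    target = find_by_id(root, reference.get("IDREF"))
    if target.tag == "Object":
        # Object: drop the start/end tags and undo the declared Encoding, so the
        # result is exactly the bytes the data has outside the XML wrapper.
        text = target.text or ""
        encoding = target.get("Encoding")
        if encoding == "base64":
            return base64.b64decode(text, validate=True)
        if encoding is None:
            return text.encode("utf-8")
        raise ValueError(f"unsupported Encoding {encoding!r}")
    # Any other element: the serialized element, start and end tags included.
    # Work on a copy with no tail so whitespace after the end tag is not counted.
    clone = copy.deepcopy(target)
    clone.tail = None
    return ET.tostring(clone, encoding="utf-8")


def compute_digests(xml_text):
    """Map each Reference's IDREF to the hex digest its DigestValue should carry."""
    root = ET.fromstring(xml_text)
    digests = {}
    for reference in root.iter("Reference"):
        algorithm = reference.find("DigestMethod").get("Algorithm")
        data = digest_input(root, reference)
        digests[reference.get("IDREF")] = digest_of_bytes(data, algorithm)
    return digests


if __name__ == "__main__":
    result = compute_digests(SAMPLE)
    # Object digest equals the digest of the raw bytes: no Transform required.
    print("object matches raw binary:", result["blob"] == digest_of_bytes(RAW_PAYLOAD))
    # The element reference is digested with its tags, so it differs from "hello".
    print("element matches bare text:", result["note"] == digest_of_bytes(b"hello"))
```

The single special case the post mentions is the `if target.tag == "Object"` branch; everything else follows the ordinary "serialize the referenced element" path.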