W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

RE: Transforms useless in current spec

From: John Boyer <jboyer@uwi.com>
Date: Wed, 12 Jan 2000 09:07:56 -0800
To: "Peter Lipp" <Peter.Lipp@iaik.at>, <Gregor.Karlinger@iaik.at>
Cc: "DSig Group" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBLAOMJKOFPMBCHJOIEEPMCCAA.jboyer@uwi.com>
Hi Peter,

<Peter>
It seems to me that one thing we miss currently was that we have no way to
force the core behaviour to dereference any URI or IDREF, in those cases
where an URI or IDREF is meant to be understood as a location. This would
now be application specific...

Personally, I don't see the need for that, as I still believe in the
scenario that if I have some data, hash it, and the signature verifies, this
is the only thing that counts, and I need to accept that the data I have is
the data that had been signed. Where it came from and how it was
transformed, I don't see as being significant for the general case.
</Peter>

<John>
Your argument is self contradictory.  The cryptography is being used to
protect a message M.  What's in M?  Statements.  What are statements?
"Person X agrees to pay Y for Z from A on date D", "This message was derived
by the following sequence of transforms".  So, if as you say, you 'need to
accept that data' that was signed, and that data includes a statement S
about how the data was derived, then you need to accept S, which means that
S must actually be correct.  Thus, by your own argument, you should care
very much about how the data was transformed.

Please also see my email [1] from yesterday.  It clearly shows how easy it
is to get a security analyst to reject a piece of software when the
validator doesn't pay attention to the list of steps necessary to derive the
signed message.

[1]
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JanMar/0023.html

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

</John>

-----Original Message-----
From: Peter Lipp [mailto:Peter.Lipp@iaik.at]
Sent: Wednesday, January 12, 2000 1:33 AM
To: John Boyer; Gregor.Karlinger@iaik.at
Cc: DSig Group
Subject: AW: Transforms useless in current spec


> signed.  I don't recall the end of the conversation being that we would
> adopt location as hint.
This was one of those discussions which seemed to end by fatigue and not by
conclusions :-) And I wouldn't like to have this discussion revived..... but

It seems to me that one thing we miss currently was that we have no way to
force the core behaviour to dereference any URI or IDREF, in those cases
where an URI or IDREF is meant to be understood as a location. This would
now be application specific and any application would need to put this into
SignatureProperties or so. The question seems to be: is this something that
should be defined now as a core option?

Personally, I don't see the need for that, as I still believe in the
scenario that if I have some data, hash it, and the signature verifies, this
is the only thing that counts, and I need to accept that the data I have is
the data that had been signed. Where it came from and how it was
transformed, I don't see as being significant for the general case.

Peter
______________________________________
Dr. Peter Lipp
IAIK, TU Graz
Inffeldgasse 16a, A-8010 Graz, Austria
Tel: +43 316 873 5513
Fax: +43 316 873 5520
Web: www.iaik.at
Received on Wednesday, 12 January 2000 12:11:50 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT