RE: Transforms useless in current spec from John Boyer on 2000-01-12 (w3c-ietf-xmldsig@w3.org from January to March 2000)

From: John Boyer <jboyer@uwi.com>
Date: Wed, 12 Jan 2000 09:45:50 -0800
To: "Peter Lipp" <Peter.Lipp@iaik.at>, <Gregor.Karlinger@iaik.at>
Cc: "DSig Group" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBLAOMJKOFPMBCHJOICEPNCCAA.jboyer@uwi.com>

Consider the following example:

Statement: I am a liar and never say the truth.
Signed by my private key.

What now? :-)

<John>
Quite easy.  The signature would be thrown out of court because the set of
statements contains an inconsistency.  In a purely mathematical sense, if
you can derive the formula P and not P, then your system is not
'consistent'.

But there are no inconsistencies in the statements I'm talking about.
</John>

What I meant with "accept the data" was the bytes representing the data, not
the semantics. I can always get into trouble if I mix those two. If the
application requires the semantics of the statement signed to be equally
truthfull as the signature verifys cryptographically, it needs to take care
of that. And it can, using our system. Nobody prevents your app to always go
and fetch the document and transform it, even if it was the 1025th time
today. You can do that, if this is required to make your security analyst
happy. But I strongly object that this is something that will always be
required for any application. It is perfectly ok to cache the transformed
document, if its ok for the application.

<John>
I am quite certain that I'm not alone in my opinion.  For example, Phil
Hallam-Baker made the point quite vociferously at FTF2 that, in many
applications, the inability to obtain the signed data from the given URL (or
by extension from the given transforms) should in fact break the signature.

Incidentally, he said this while I was trying to present a methodology for
supporting your point of view that there are applications where it should
not matter (which is an opinion exemplified by the needs of Rich Hime's
application).

So, your strong objection is noted, but I've already presented on this list
a methodology whereby applications can specify that the URL and transforms
need not be correct.  Thus, you application is not forced to be like mine.
However, the truth of the transformations MUST be required by default
because the transforms are signed by default, and your application can
override it if desired by dropping the URL and/or transforms from what gets
signed.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

</John>

Peter

Received on Wednesday, 12 January 2000 12:49:29 UTC