W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2000

XML Processing in Current Implementations

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 28 Jul 2000 14:45:08 -0400
Message-Id: <3.0.5.32.20000728144508.013e8738@localhost>
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
In light of our recommending {Only What is "Seen" Should be Signed} AND
{"See" What is Signed} I have a question now that we have some more
implementation experience. When the document [1] below is signed, what is
Signed? If a PI references a style sheet, this could change the meaning of
the document being signed, is this change also signed?

1. If the document has Canonical XML applied, is the Infoset availble
through DOM/SAX that of the example XML instance with a PI Infoset node, or
the resulting (transformed) instance? If the infoset includes the changes,
we can easily satisfy the security requirements above be recommending
canonicalization.
2. Otherwise, we'd have to recommend that 'http://foo.example.com/bar.xslt'
also be included in a Signature Reference if we  want to get bit by having
foo.example.com changing the stylesheet to affect the result after the
signature.

[1] Example (where bar.xslt changes the total amount value)
<?xml-stylesheet type="text/xml" href="http://foo.example.com/bar.xslt"?>
<html xsl:version="1.0"
      xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
      xmlns="http://www.w3.org/TR/xhtml1/strict">
  <head>
    <title>Expense Report Summary</title>
  </head>
  <body>
    <p>Total Amount: 5</p>
  </body>
</html>

_________________________________________________________
Joseph Reagle Jr.   
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Friday, 28 July 2000 14:45:22 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:10 GMT