RE: Detached signatures and HTTP Redirects

From: Philip Hallam-Baker <pbaker@verisign.com>
Date: Wed, 30 Aug 2000 08:48:04 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F408EBFE@vhqpostal.verisign.com>
To: "'Dan Connolly'" <connolly@w3.org>, w3c-ietf-xmldsig@w3.org

> Yes. Since the signature includes a digest of
> the eventual body content
>   <DigestValue>Y5SLN17HxLLMtTeuYGfYlBFmNlU=</DigestValue>
> I don't see that following a redirect introduces
> significant security risks that aren't inherent
> in, say, using DNS to find the origin server
> in the first place. (well... beware of bonehead
> plays like looping redirects, but that's just
> an operational risk, not anything terribly subtle)

I don't think that DNS makes a difference. Consider the
case in which you have DNSSEC (or equivalent) and so
you have a trusted binding to the IP address and you also
run IPSEC keying off a DNSSEC secured key.

It still makes sense to follow the redirect since
you are being told authoritatively to 'go somewhere
else'.

Brian's point may have been that the spec needs to
make the intention clear on this point.


The digest does not make a difference in practice
since the relying party has to decide whether to
trust the key, not the document signer. Thus the
validation information may well be different for
different relying parties. (Have a look at the
Federal Bridge CA for examples :-)

		Phill 
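The exchange above turns on one mechanism: a detached signature's Reference carries a DigestValue over the eventual body, so whatever path a redirect takes, the relying party only accepts the bytes whose digest matches. The following is an added example, not code from the thread or from any XMLDSIG implementation. It simulates an HTTP "web" in memory (constructed responses, no network), follows redirects with the loop and hop-count guard Dan alludes to, and then checks the dereferenced content against a base64 SHA-1 DigestValue. SHA-1 is assumed as the DigestMethod (the 28-character base64 value quoted above is the length of a 20-byte SHA-1 digest); no Transforms are applied, so the digest is taken over the raw body.

```python
import base64
import hashlib

# Constructed in-memory "web": URI -> (status, headers, body).
# These hosts and bodies are made up for the example; nothing is fetched.
SIMULATED_WEB = {
    "http://example.invalid/doc":    (302, {"Location": "http://example.invalid/doc-v2"}, b""),
    "http://example.invalid/doc-v2": (200, {}, b"<doc>signed content</doc>"),
    # A pair of responses that redirect to each other: the "looping redirect" case.
    "http://example.invalid/loop-a": (302, {"Location": "http://example.invalid/loop-b"}, b""),
    "http://example.invalid/loop-b": (302, {"Location": "http://example.invalid/loop-a"}, b""),
}

REDIRECT_STATUSES = (301, 302, 303, 307, 308)
MAX_REDIRECTS = 5  # assumed operational limit; the spec sets none


class RedirectLoop(Exception):
    """Raised when dereferencing revisits a URI or exceeds MAX_REDIRECTS."""


def dereference(uri, fetch=None, max_redirects=MAX_REDIRECTS):
    """Follow redirects from `uri` and return (final_uri, body).

    `fetch(uri)` must return (status, headers, body); by default it reads
    SIMULATED_WEB. Revisiting a URI or exceeding the hop budget raises
    RedirectLoop instead of spinning forever.
    """
    fetch = fetch or (lambda u: SIMULATED_WEB[u])
    seen = []
    for _ in range(max_redirects + 1):
        if uri in seen:
            raise RedirectLoop("redirect cycle at %s" % uri)
        seen.append(uri)
        status, headers, body = fetch(uri)
        if status in REDIRECT_STATUSES:
            uri = headers["Location"]
            continue
        return uri, body
    raise RedirectLoop("more than %d redirects" % max_redirects)


def sha1_digest_value(data):
    """Base64 SHA-1 digest, the form a <DigestValue> carries for DigestMethod SHA-1."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def verify_reference(uri, expected_digest_value, fetch=None):
    """Dereference the Reference URI (following redirects) and compare digests.

    Returns (ok, final_uri). The redirect target is irrelevant to acceptance:
    only a body whose digest equals the signed DigestValue passes.
    """
    final_uri, body = dereference(uri, fetch)
    return sha1_digest_value(body) == expected_digest_value, final_uri


if __name__ == "__main__":
    # The signer computed the DigestValue over the content they intended.
    signed_value = sha1_digest_value(b"<doc>signed content</doc>")
    print(verify_reference("http://example.invalid/doc", signed_value))
    try:
        dereference("http://example.invalid/loop-a")
    except RedirectLoop as exc:
        print("refused:", exc)
```

The redirect is followed, but it cannot change the outcome: a server that redirected to different content would simply fail the digest comparison, which is the point Dan makes about redirects adding no risk beyond the one already inherent in resolving the original URI. The separate question Phill raises, whether the relying party trusts the signing key at all, sits outside this check entirely.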



Received on Wednesday, 30 August 2000 11:48:37 GMT