- From: Dournaee, Blake <bdournaee@rsasecurity.com>
- Date: Thu, 5 Jul 2001 11:10:20 -0700
- To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>
- Cc: "Dsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
Hello All, I've been thinking about Section 3.2.1: Reference Validation and am not quite convinced that there is a real security reason for canonicalizing <SignedInfo> for Reference Validation. It is obvious to me that we need to canonicalize <SignedInfo> for Signature Validation to work properly, but is it really necessary for Reference Validation? Couldn't the canonicalization step be moved to the Signature Validation step at a performance savings to those applications who are only going to be relying on Reference Validation? (People shouldn't do this, but I reckon that they will). It seems to me that the only benefit that canonicalization has for Reference Validation is to enable the XML to be parsed easily (?) - and I'm not sure this is really necessary anyhow; Any permissible syntactic changes that are removed during canonicalization wouldn't affect signature validity anyhow, and an attacker wanting to break Reference validation could do it by changing element content. Is there something that I am missing here? Kind Regards, Blake Dournaee Toolkit Applications Engineer RSA Security "The only thing I know is that I know nothing" - Socrates
Received on Thursday, 5 July 2001 14:10:38 UTC