RE: Canonicalization of <SignedInfo> for Reference Validation from John Boyer on 2001-07-05 (w3c-ietf-xmldsig@w3.org from July to September 2001)

From: John Boyer <JBoyer@PureEdge.com>
Date: Thu, 5 Jul 2001 14:31:17 -0700
To: "Dournaee, Blake" <bdournaee@rsasecurity.com>, "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: <w3c-ietf-xmldsig@w3.org>
Message-ID: <7874BFCCD289A645B5CE3935769F0B520C3417@tigger.PureEdge.com>

Hi Blake,

<blake>
On a related note, it seems like encoding transforms (such as Base64 or
compression or anything that significantly permutes the input data)
would
violate the "See what you sign" rule.
</blake>

<john>
A transforms such as base64, compression, etc. do not violate "What you
'see' is what you sign?", provided that the transformation algorithms
follow well-documented public standards.

For example, when you sign the binary of a jpeg image, are you signing
what you see?  No you're signing highly compressed (possibly lossy) data
that corresponds to a bitmap image via a well-known public algorithm, so
we accept it.  By comparison, signing a base-64 encoding of a jpeg is
peanuts.

Cheers,
John Boyer
Senior Product Architect, Software Development
Internet Commerce System (ICS) Team
PureEdge Solutions Inc. 
Trusted Digital Relationships
v: 250-708-8047  f: 250-708-8010
1-888-517-2675   http://www.PureEdge.com <http://www.pureedge.com/>
</john>

-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Thursday, July 05, 2001 11:36 AM
To: Dournaee, Blake
Cc: Dsig (E-mail)
Subject: Re: Canonicalization of <SignedInfo> for Reference Validation

At 14:10 7/5/2001, Dournaee, Blake wrote:
>I've been thinking about Section 3.2.1: Reference Validation and am not
>quite convinced that there is a real security reason for canonicalizing
><SignedInfo> for Reference Validation.

Hi Blake,

You're right, for Canonical XML there isn't much of a reason. *But*
since
other canonicalizations can be used, in order to satisfy the "see what
you
sign" (and its sister maxims) you should reference validate (see) what
was
signed (canonical form.) An area where this might be important is where
a
canonicalization algorithm rewrote URIs. Even something as innocuous as
absolutizing relative URIs (which was a point of debate with respect to
namespaces) could change what it is your signing.

Canonical XML doesn't make any such changes, and one could optimize
appropriately, but since the specification is generally written from an
algorithm independent point of view it includes that processing/warning.

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 5 July 2001 17:31:50 UTC