W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: Processing model for ds:Reference/@Type

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Thu, 18 Oct 2001 08:34:26 -0400
Message-Id: <200110181234.IAA0000060392@torque.pothole.com>
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
cc: w3c-ietf-xmldsig@w3.org
OK, I thought your question was more what type it was desireable to label
Manifests with.

Donald

From:  Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date:  Thu, 18 Oct 2001 09:41:33 +0200
In-reply-to:  <200110180055.UAA0000059623@torque.pothole.com>
To:  "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc:  w3c-ietf-xmldsig@w3.org
Message-id:  <2670713731.1003398093@pinkpanther>

>Hi Donald,
>
>I understood that processing of Manifests or referenced References is up to 
>the implementation. I only wanted to hear about what other implementors do. 
>There could be multiple scenarios:
>
>- Only make core validation as described in the
>  spec (we don't follow Manifests)
>- validate all referenced Manifests
>- validate all referenced Manifests if they reside
>  in the same document where the Signature was
>- validate all referenced Manifests and References
>- validate all referenced Manifests and References
>  if they reside in the same document where the
>  Signature was
>- validate all referenced Manifest till a given depth
>  (if a SignedInfo/Reference points to a Manifest
>  which points to a Manifest which points to a Manifest
>  which points to a Manifest, only go e.g. 2 leveles deep)
>
>You can extend this to an arbitrary amount of different "flavours" in 
>Signature validation processing rules. Basically, I see these:
>
>- validate everything regardless of the depth
>- validate till a user-supplied depth.
>
>I know, this is application specific and that we don't mention it in the 
>spec. I only wanted to hear what other implementors did and/or what users 
>wish.
>
>Christian
>
>--On Mittwoch, 17. Oktober 2001 20:55 -0400 "Donald E. Eastlake 3rd" 
><dee3@torque.pothole.com> wrote:
>
>> Hi,
>>
>> Whether to process Manifests, what to do if one or more items in the
>> Manifest fails Reference validation, whether to chase down Manifests
>> pointed to by Manifests, etc., is all application dependent.  It would
>> be reasonable, in my opinion, for an application to only process
>> Manifests where the Reference has a Manifest type attribute, in which
>> case you would need to generate signatures where the Reference URI
>> points directly at the Manifest (rather than, say, an encompassing
>> Object) and specify the Manifest type, if you want that Manifest
>> checked. But applications are not required to behave in this way.
>>
>> Donald
>>
>> From:  Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
>> Date:  Tue, 09 Oct 2001 19:12:45 +0200
>> To:  w3c-ietf-xmldsig@w3.org
>> Message-ID:  <1927385181.1002654765@pinkpanther>
>>
>>> Hi all,
>>>
>>> The Type attribute of a ds:Reference can contain the Type of a Reference
>>> like
>>>
>>> Type="http://www.w3.org/2000/09/xmldsig#Object"
>>>
>>> or
>>>
>>> Type="http://www.w3.org/2000/09/xmldsig#Manifest"
>>>
>>> . Does there exist a proposed processing model how verification is done
>>> on  that? From what I see,  there exist two different ways:
>>>
>>> 1: I ignore this type information and do only core validation:
>>> SignatureValue and the SignedInfo
>>>
>>> 2: I try to follow and verify all nested Manifests (if
>>> Type="&ds;Manifest").
>>>
>>> But what processing should happen if the Type is #Reference or #Object?
>>>
>>> Christian
Received on Thursday, 18 October 2001 08:36:38 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT