RE: Processing model for ds:Reference/@Type

Christian,

in IAIK's implementation we do not process Manifests at all per default.
Instead we provide methods by which the user can check if a Reference in
the SignedInfo references a Manifest (indicating this by using the Type
attribute). If yes, the user can trigger the Manifest validation in the
mode that is most convenienct for his use case (either validate a single
Reference of the Manifest, or validating all References of the Manifest).

Regards, Gregor

> -----Original Message-----
> From: w3c-ietf-xmldsig-request@w3.org
> [mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Christian
> Geuer-Pollmann
> Sent: Thursday, October 18, 2001 9:42 AM
> To: Donald E. Eastlake 3rd
> Cc: w3c-ietf-xmldsig@w3.org
> Subject: Re: Processing model for ds:Reference/@Type
>
>
> Hi Donald,
>
> I understood that processing of Manifests or referenced
> References is up to
> the implementation. I only wanted to hear about what other
> implementors do.
> There could be multiple scenarios:
>
> - Only make core validation as described in the
>   spec (we don't follow Manifests)
> - validate all referenced Manifests
> - validate all referenced Manifests if they reside
>   in the same document where the Signature was
> - validate all referenced Manifests and References
> - validate all referenced Manifests and References
>   if they reside in the same document where the
>   Signature was
> - validate all referenced Manifest till a given depth
>   (if a SignedInfo/Reference points to a Manifest
>   which points to a Manifest which points to a Manifest
>   which points to a Manifest, only go e.g. 2 leveles deep)
>
> You can extend this to an arbitrary amount of different "flavours" in
> Signature validation processing rules. Basically, I see these:
>
> - validate everything regardless of the depth
> - validate till a user-supplied depth.
>
> I know, this is application specific and that we don't mention it in the
> spec. I only wanted to hear what other implementors did and/or what users
> wish.
>
> Christian
>
> --On Mittwoch, 17. Oktober 2001 20:55 -0400 "Donald E. Eastlake 3rd"
> <dee3@torque.pothole.com> wrote:
>
> > Hi,
> >
> > Whether to process Manifests, what to do if one or more items in the
> > Manifest fails Reference validation, whether to chase down Manifests
> > pointed to by Manifests, etc., is all application dependent.  It would
> > be reasonable, in my opinion, for an application to only process
> > Manifests where the Reference has a Manifest type attribute, in which
> > case you would need to generate signatures where the Reference URI
> > points directly at the Manifest (rather than, say, an encompassing
> > Object) and specify the Manifest type, if you want that Manifest
> > checked. But applications are not required to behave in this way.
> >
> > Donald
> >
> > From:  Christian Geuer-Pollmann
> <geuer-pollmann@nue.et-inf.uni-siegen.de>
> > Date:  Tue, 09 Oct 2001 19:12:45 +0200
> > To:  w3c-ietf-xmldsig@w3.org
> > Message-ID:  <1927385181.1002654765@pinkpanther>
> >
> >> Hi all,
> >>
> >> The Type attribute of a ds:Reference can contain the Type of a
> Reference
> >> like
> >>
> >> Type="http://www.w3.org/2000/09/xmldsig#Object"
> >>
> >> or
> >>
> >> Type="http://www.w3.org/2000/09/xmldsig#Manifest"
> >>
> >> . Does there exist a proposed processing model how verification is done
> >> on  that? From what I see,  there exist two different ways:
> >>
> >> 1: I ignore this type information and do only core validation:
> >> SignatureValue and the SignedInfo
> >>
> >> 2: I try to follow and verify all nested Manifests (if
> >> Type="&ds;Manifest").
> >>
> >> But what processing should happen if the Type is #Reference or #Object?
> >>
> >> Christian
>
>
>

Received on Monday, 5 November 2001 09:05:54 UTC