W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2002

Re: FW: Schema & non-repudiation query

From: Donald Eastlake 3rd <dee3@torque.pothole.com>
Date: Sun, 6 Oct 2002 20:36:52 -0400 (EDT)
To: "Pitt, Esmond" <pitte@anz.com>
Cc: XML Signature <w3c-ietf-xmldsig@w3.org>
Message-ID: <Pine.LNX.4.44.0210062033310.26142-100000@netbusters.com>

Like lots of things in XMLDSIG, it depends on your application. If 
signed XML is supposed to stand on its own, you need to have the 
signature also cover the schema. But if you have some protocol defined 
with a fixed schema that all senders and receivers known, you don't 
have to worry about this.


PS: See 

On Mon, 7 Oct 2002, Pitt, Esmond wrote:

> Date: Mon, 7 Oct 2002 10:18:02 +1000 
> From: "Pitt, Esmond" <pitte@anz.com>
> To: XML Signature <w3c-ietf-xmldsig@w3.org>
> Subject: FW: Schema & non-repudiation query
> Resent-Date: Sun, 6 Oct 2002 20:19:22 -0400 (EDT)
> Resent-From: w3c-ietf-xmldsig@w3.org
> There was a discussion in this list around 1999 on this topic. How was it
> finally resolved?
> The schema for a document is logically speaking part of the data that is
> signed, because it is the source of the default attribute values. However it
> is not necessarily physically present in the signed document. This leads to
> an integriy problem: if the schema associated with a message is lost or
> corrupted, the signature on the document becomes non-verifiable and legal
> non-repudiation is lost.
> My question is, what kind of security regimes are people putting around XML
> schemas associated with signed XML documents in practice?

 Donald E. Eastlake 3rd                       dee3@torque.pothole.com
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake@motorola.com
Received on Sunday, 6 October 2002 20:36:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:38 UTC