RE: Future work on XML Signature

Also of note, and not XML Sig per se, but during a test over the
weekend....  It seems X.509 certs signed with ECDSA are hashed with
SHA-1 even if stronger curves are used?  

I need to verify this, but it will be a few days before I can get back
to it.

Larry

 

> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren@telia.com] 
> Sent: Monday, September 18, 2006 1:42 PM
> To: Bugbee, Larry; Thomas Roessler; w3c-ietf-xmldsig@w3.org
> Subject: Re: Future work on XML Signature
> 
> I have seen RFC 4050:
> 
>   "This memo provides information for the Internet community.  It does
>    not specify an Internet standard of any kind"
> 
> I also lack a published example of an ECDSA signature and test vectors.
> Since ECC is little known there is much to do in order to make ECDSA useful.
> 
> Anders
> 
> ----- Original Message -----
> From: "Bugbee, Larry" <larry.bugbee@boeing.com>
> To: "Anders Rundgren" <anders.rundgren@telia.com>; "Thomas Roessler" <tlr@w3.org>; <w3c-ietf-xmldsig@w3.org>
> Sent: Monday, September 18, 2006 22:21
> Subject: RE: Future work on XML Signature
> 
> 
> 
> Have you seen RFC 4050 and 4051?
> 
> Larry
> 
> 
> > -----Original Message-----
> > From: Anders Rundgren [mailto:anders.rundgren@telia.com] 
> > Sent: Monday, September 18, 2006 12:50 PM
> > To: Thomas Roessler; w3c-ietf-xmldsig@w3.org
> > Subject: Re: Future work on XML Signature
> > 
> > 
> > Thomas,
> > 
> > It seems that ECDSA still lacks a formal inclusion in the XML 
> > Signature package.
> > 
> > BTW, the XML Signature application for Internet browsers I 
> > have mentioned earlier is now in 1.0 state: 
> > http://webpki.org/WASP-tutorial.pdf
> > 
> > regards
> > Anders Rundgren
> > 
> > ----- Original Message -----
> > From: "Thomas Roessler" <tlr@w3.org>
> > To: <w3c-ietf-xmldsig@w3.org>
> > Sent: Monday, September 18, 2006 18:31
> > Subject: Future work on XML Signature
> > 
> > 
> > 
> > Hello,
> > 
> > for your information, we're working on a charter for a W3C Working
> > Group that would have the task to specifically sort out the xml:id
> > mess in XML Signature (by making C14N 1.1 the mandatory to implement
> > algorithm, and essentially making the changes described in the
> > dsig-usage note), and to fix the Decryption transform for XML
> > Signature by making similar changes.
> > 
> > The expectation is that this charter would limit the
> > conformance-affecting changes that the group can make to those that
> > are demonstrated to be necessary to sort out the immediate problem.
> > 
> > To make the work less dull, the group will also have the mandate to
> > write a draft charter for broader follow-up work, and to identify
> > issues that need to be addressed.
> > 
> > We intend to have the version of XML Signature and Processing that
> > this group would produce submitted to the IETF for publication as an
> > RFC; the mechanics of that are presently being discussed.
> > 
> > Feed-back on the overall approach would be most welcome.
> > 
> > Regards,
> > -- 
> > Thomas Roessler, W3C   <tlr@w3.org>
> > 
> > On 2006-09-15 18:28:09 +0200, Jose Kahan wrote:
> > > From: Jose Kahan <jose.kahan@w3.org>
> > > To: w3c-ietf-xmldsig@w3.org
> > > Date: Fri, 15 Sep 2006 18:28:09 +0200
> > > Subject: [FYI] Transition announcement: First Public Working Draft of
> > > C14N 1.1 and two WG Notes
> > > Reply-To: jose.kahan@w3.org
> > > List-Id: <w3c-ietf-xmldsig.w3.org>
> > > X-Spam-Level: 
> > > X-Archived-At:
> > > http://www.w3.org/mid/20060915162809.GF29096@rakahanga.inrialpes.fr
> > > 
> > > FYI.
> > > 
> > > All feedback is welcome at the mailing lists that are given in those
> > > documents.
> > > 
> > > Thanks!
> > > 
> > > -jose
> > 
> > > From: "Grosso, Paul" <pgrosso@ptc.com>
> > > To: chairs@w3.org, w3t-comm@w3.org
> > > Cc: public-xml-core-wg@w3.org
> > > Date: Fri, 15 Sep 2006 12:14:04 -0400
> > > Subject: Transition announcement: First Public Working Draft of C14N 1.1
> > > and two WG Notes
> > > List-Id: <public-xml-core-wg.w3.org>
> > > X-Archived-At:
> > > http://www.w3.org/mid/CF83BAA719FD2C439D25CBB1C9D1D30204ABFCD3@HQ-MAIL4.ptcnet.ptc.com
> > > 
> > > 
> > > 
> > > The XML Core WG announces the initial publication of 
> > > the following three C14N related documents and welcomes
> > > review from all interested parties:
> > > 
> > > Known Issues with Canonical XML 1.0 (C14N/1.0)
> > > W3C Working Draft 15 September 2006
> > > 
> > > This version:
> > >      http://www.w3.org/TR/2006/WD-C14N-issues-20060915/
> > > Latest version:
> > >      http://www.w3.org/TR/C14N-issues/
> > > 
> > > [This will become a WG Note.]
> > > ---
> > > 
> > > Using XML Digital Signatures in the 2006 XML Environment
> > > W3C Working Draft 15 September 2006
> > > 
> > > This version:
> > >      http://www.w3.org/TR/2006/WD-DSig-usage-20060915/
> > > Latest version:
> > >      http://www.w3.org/TR/DSig-usage/
> > > 
> > > [This will become a WG Note.]
> > > 
> > > ---
> > > 
> > > Canonical XML 1.1
> > > W3C Working Draft 15 September 2006
> > > 
> > > This version:
> > >      http://www.w3.org/TR/2006/WD-xml-c14n11-20060915
> > > Latest version:
> > >      http://www.w3.org/TR/xml-c14n11
> > > 
> > > [This is a Recommendation-track specification.]
> > > 
> > > ==========================================================
> > > 
> > > The document abstracts and status sections are as follows:
> > > 
> > > WG Note: Known Issues with Canonical XML 1.0 (C14N/1.0)
> > > -------------------------------------------------------
> > > 
> > > Abstract
> > > --------
> > > This technical note addresses some of the issues related
> > > to inheritance of the XML attributes xml:base and xml:id 
> > > and the W3C Recommendation for Canonical XML Version 1.0 
> > > [C14N10] (Errata). Shortcomings of C14N/1.0 are noted out 
> > > and the use of a new C14N/1.1 recommendation with the XML 
> > > Digital Signature 1.0 Recommendation [XMLDSIG] is discussed. 
> > > 
> > > Status
> > > ------
> > > This section describes the status of this document at the 
> > > time of its publication. Other documents may supersede this 
> > > document. A list of current W3C publications and the latest 
> > > revision of this technical report can be found in the W3C 
> > > technical reports index at http://www.w3.org/TR/.
> > > 
> > > This is the W3C First Public Working Draft of "Known Issues 
> > > with Canonical XML 1.0 (C14N/1.0)", produced by the XML Core 
> > > Working Group, as part of the XML Activity. A companion note,
> > > "XML Digital Signatures in the 2006 XML Environment" [XMLDSIG2006],
> > > describes in further detail how a revised canonicalization
> > > algorithm (C14N/1.1 or other) may be used with the current 
> > > XML-SIG/1.0 Specification.
> > > 
> > > Once all the comments about this document will have been 
> > > addressed, the Working Group intends to publish a final 
> > > version of this document as a W3C Working Group Note.
> > > 
> > > Please send comments related to this document to 
> > > www-xml-canonicalization-comments@w3.org (public archive).
> > > 
> > > Publication as a Working Draft does not imply endorsement 
> > > by the W3C Membership. This is a draft document and may be 
> > > updated, replaced or obsoleted by other documents at any 
> > > time. It is inappropriate to cite this document as other 
> > > than work in progress.
> > > 
> > > This document was produced by a group operating under the 
> > > 5 February 2004 W3C Patent Policy. This document is informative 
> > > only. W3C maintains a public list of any patent disclosures 
> > > made in connection with the deliverables of the group; that 
> > > page also includes instructions for disclosing a patent. An 
> > > individual who has actual knowledge of a patent which the 
> > > individual believes contains Essential Claim(s) must disclose 
> > > the information in accordance with section 6 of the W3C
> > > Patent Policy.
> > > 
> > > WG Note: Using XML Digital Signatures in the 2006 XML Environment
> > > -----------------------------------------------------------------
> > > 
> > > Abstract
> > > --------
> > > This technical note describes how to use the XML Digital 
> > > Signature Recommendation [XMLDSIG] in a way consistent with 
> > > the present (fall 2006) XML environment. In particular, this 
> > > note takes into account the recent xml:id Version 1.0 [XMLID] 
> > > and Canonical XML Version 1.1 [C14N11] Recommendations.
> > > 
> > > This note suggests constraints on the use of XML Signature, 
> > > and relies on extension points present in the XML Digital 
> > > Signature Recommendation. This note does not override any 
> > > aspect of that Recommendation.
> > > 
> > > Status
> > > ------
> > > This section describes the status of this document at the time 
> > > of its publication. Other documents may supersede this document. 
> > > A list of current W3C publications and the latest revision of this
> > > technical report can be found in the W3C technical reports index
> > > at http://www.w3.org/TR/.
> > > 
> > > This is the W3C First Public Working Draft of "XML Signatures in
> > > the 2006 XML Environment", produced by the XML Core Working Group,
> > > as part of the XML Activity. A companion note, "Known Issues with
> > > Canonical XML 1.0 (C14N/1.0)" [C14NNOTE], discusses in detail some
> > > of the issues related to the inheritance of certain XML attributes
> > > and the Canonical XML Recommendation 1.0 [C14N10].
> > > 
> > > Once all the comments about this document will have been addressed,
> > > the Working Group intends to publish a final version of this document
> > > as a W3C Working Group Note.
> > > 
> > > Please send comments related to this document to 
> > > www-xml-canonicalization-comments@w3.org (public archive).
> > > 
> > > Publication as a Working Draft does not imply endorsement by the
> > > W3C Membership. This is a draft document and may be updated, replaced
> > > or obsoleted by other documents at any time. It is inappropriate to
> > > cite this document as other than work in progress.
> > > 
> > > This document was produced by a group operating under the
> > > 5 February 2004 W3C Patent Policy. This document is informative only.
> > > W3C maintains a public list of any patent disclosures made in connection
> > > with the deliverables of the group; that page also includes instructions
> > > for disclosing a patent. An individual who has actual knowledge of a
> > > patent which the individual believes contains Essential Claim(s) must
> > > disclose the information in accordance with section 6 of the W3C Patent
> > > Policy.
> > > 
> > > 
> > > First WD: Canonical XML 1.1
> > > ---------------------------
> > > 
> > > Abstract
> > > --------
> > > Canonical XML 1.1 is a revision to Canonical XML 1.0 to address 
> > > issues raised while producing the xml:id specification.
> > > 
> > > Any XML document is part of a set of XML documents that are logically
> > > equivalent within an application context, but which vary in physical
> > > representation based on syntactic changes permitted by XML 1.0 [XML]
> > > and Namespaces in XML [Names]. This specification describes a method
> > > for generating a physical representation, the canonical form, of an
> > > XML document that accounts for the permissible changes. Except for
> > > limitations regarding a few unusual cases, if two documents have the
> > > same canonical form, then the two documents are logically equivalent
> > > within the given application context. Note that two documents may
> > > have differing canonical forms yet still be equivalent in a given 
> > > context based on application-specific equivalence rules for which 
> > > no generalized XML specification could account.
> > > 
> > > Status
> > > ------
> > > This section describes the status of this document at the time 
> > > of its publication. Other documents may supersede this document. 
> > > A list of current W3C publications and the latest revision of this
> > > technical report can be found in the W3C technical reports index
> > > at http://www.w3.org/TR/.
> > > 
> > > This is a First Public Working Draft of Canonical XML 1.1. 
> > > This diff-marked version is being made available for review 
> > > by W3C members and the public. It is intended to give an 
> > > indication of the W3C XML Core Working Group's intentions 
> > > for this new version of Canonical XML and our progress in 
> > > achieving them. It attempts to be complete in indicating 
> > > what will change from version 1.0, but does not specify in 
> > > all cases how things will change. A subsequent Last Call 
> > > draft will consist of a regular, non-diff-marked version 
> > > of this specification.
> > > 
> > > Please send comments on this Working Draft to 
> > > www-xml-canonicalization-comments@w3.org (archive).
> > > 
> > > Publication as a Working Draft does not imply endorsement by the W3C
> > > Membership. This is a draft document and may be updated, replaced or
> > > obsoleted by other documents at any time. It is inappropriate to cite
> > > this document as other than work in progress.
> > > 
> > > This document has been produced by the W3C XML Core Working Group as
> > > part of the W3C XML Activity. The authors of this document are the
> > > members of the XML Core Working Group and invited experts from the
> > > Digital Signature community.
> > > 
> > > This document was produced by a group operating under the 
> > > 5 February 2004 W3C Patent Policy. W3C maintains a public 
> > > list of any patent disclosures made in connection with the 
> > > deliverables of the group; that page also includes instructions 
> > > for disclosing a patent. An individual who has actual knowledge 
> > > of a patent which the individual believes contains Essential 
> > > Claim(s) must disclose the information in accordance with 
> > > section 6 of the W3C Patent Policy.
> > > 
> > > The English version of this specification is the only normative version.
> > > 
> > > 
> > > Paul Grosso for the XML Core WG
> > > 
> > > 

Received on Monday, 18 September 2006 20:49:07 UTC