W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

Signed XML or XML Signatures Re: XML versus ASN.1/DER blob

From: John Boyer <jboyer@uwi.com>
Date: Tue, 20 Apr 1999 16:32:25 -0700
Message-ID: <014e01be8b86$0cabb250$9ccbf4cc@kuratowski.uwi.bc.ca>
To: <dee3@us.ibm.com>
Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>
Hi Donald,

>### In an XML standard, things should be in XML tags.  If you want to do
>PKCS#7 signatures that make some use of XML packaging, you can.  Just don't
>pretend they are XML signatures.


I don't think there is a need for pretending.  The workshop we just did was
on "Signed XML".  We're trying to figure out how to sign XML.  This is a
logically distinct concept from how we choose to express the signature.

Consider the consequences of requiring that signed XML should create XML
signatures.  The W3C needs to create a reference implementation of the
signed XML spec.  If that implementation includes the cryptographic layer,
then the W3C will have to change its name to the USCWC (United States and
Canada Web Committee).

Hence, we are talking about a spec that defines an interface to external
cryptographic modules.  Are we simply going to exchange blocks of XML with
those modules?  If so, this means that all existing signature technologies
and all new ones going forward would need to embed XML read and write
modules.  This might just work in a field as young and cutting edge as
cryptography, but we cannot generally assume that other technologies will
switch their formats to XML to satisfy only one group of possible users.  A
humorous analogy would be to claim to have a fix for "the" Y2K bug, but that
the fix requires everyone to change their file formats to XML.  In this
example the file format is the problem in the first place (the humourous
part), but unless we want to be stuck with writing an XML parser in COBOL,
the solution just isn't appropriate (the analogy part).  The same is true
for the low-level operation of existing cryptographic engines.  It may not
be appropriate, desirable or feasible to wire XML read and write
capabilities into every cryptographic engine.  Also, even if the
manufacturer views signing XML as high priority, that doesn't mean they have
to express their signatures in XML in order to sign XML.

So, as I said, the XML awareness requirement might just work in this case,
but for the sake of covering all cases... Recall that we don't want the W3C
to build the crypto layer, and let's suppose we don't want to require XML
awareness on the crypto modules.  Well, *somebody* has to translate from XML
to the crypto modules' blob formats.  Since the crypto modules won't do it
(else see above), that means we have to specify the translation in the
signed XML spec.  This of course means that we need to know the binary
formats with which we intend to interchange data.  In particular, suppose
some unforeseen technology comes out that simply requires additional data
for which we didn't define tags.  New signed XML spec, new DTD, worldwide
software upgrade, high cost.

Why do it this way when we already have an example of existing technology
whose viability depends on non-readability?

Why do it this way when we can write a spec now that does not have to change
with new technologies because it does not try to stick its tags where they
don't belong.

We should leave signing details to the creators of signature technology.
Let them create their own formats, cryptographic or otherwise, and let them
convince the market about the efficacy of the solution in various
circumstances.  Let us focus on creating a paradigm that makes it simple to
integrate all technologies without digging too deep.  XML itself doesn't
have to solve the world's security problems.  Naturally, our spec should not
introduce new security problems during integration, but the integrated
modules themselves should be responsible for providing the real security.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
jboyer@uwi.com
Received on Tuesday, 20 April 1999 19:28:24 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT