W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

Re: Fw: XML versus ASN.1/DER blob

From: John Boyer <jboyer@uwi.com>
Date: Wed, 21 Apr 1999 10:24:25 -0700
Message-ID: <004901be8c1b$ce4ea9e0$9ccbf4cc@kuratowski.uwi.bc.ca>
To: "Phillip M Hallam-Baker" <pbaker@verisign.com>
Cc: "Dsig group" <w3c-xml-sig-ws@w3.org>
>I don't think we need to address signature schemes based on

For starters, most have misunderstood the notion of "autographs".  The 'pen'
people don't simply mean a bitmap.  They take lots of measurements that
describe a person's signing characteristics, combine that with a sha-1 or
md5 hash of the document, and encrypt the result.  You can ask to have the
bitmap added, but this is a convenience.

I agree that we don't need to address autograph signature schemes because I
think that perhaps we should not be addressing signature schemes at all.
Anything that can conform to the interface Sign(), Verify() and a few other
functions should be allowed to sign XML.  If we dig too deep into the
internal structure, then we forced signed XML to have knowledge of signature
technologies, which constrains the spec to what we can conceive of now.

Ironically, the Richard Brown proposal is really saying that already they
can conceive of security needs beyond today's standards.  So they've added
some new tags into the signed XML framework to address these security ideas.
In and of itself this is evidence of the ongoing problems we will have as
new security ideas emerge.  What they're really saying is that the creators
of previous security standards didn't account for every security need.  It
is presumptuous of us to think that we could do a better job of coming up
with a set of tags that describes all security needs going forward.

We could simply tolerate lots of spec changes over time, as well as the
software upgrades, backwards incompatibilities, frustrations and costs that
go with that, but it is not necessary to have these problems.  We could
write a standard now that will be compatible with all signature technologies
going forward by simply *not* addressing particular signature schemes at
all.  This also has the happy benefit of not requiring that a compliant
implementation *must* be bundled with cryptographic code.

I've been using handwritten signatures as another example of a technology
that needs to sign XML that this group had not previously considered.
Richard Brown's proposal contains another example of signing that was not
accounted for by previous standards attempts.  Recently, Ko Fujimura posted
an email stating that  the digital ticket system had needs that were not
based on PKI.  I can't think of any other examples of new technologies that
might emerge, but this is precisely the point.

Since we cannot imagine all signature technologies of the future, our spec
should do as little as possible to try interpreting that binary blob
representing the signature.  'Something' will show up between the Value
start and end tags.  Whatever it is was generated by the signing engine
given in the manifest (which itself got signed), and that signing engine (or
equivalent equipment) will know how to verify it.

Any new security ideas should be expressed in a new security framework spec.
Signed XML markup itself should be as simple as possible.

Now we come to a useful distinction between markup versus semantics.  I will
address this issue in another post entitled "Markup versus Semantics".

>1) The packing format had better allow any signature scheme
> which produces as authentication data a string o' bits
> which is a function of the message and optionaly some
> additional data.
> There are good reasons for allowing an SHA-1 hash or an
> HMAC authentication blob, biometrics should be simply
> another such blob.

I agree in principal.  I don't know from this where you plan to put it.  In
the context of the Richard Brown draft, I'm talking about what goes into the
<Value> tag.  The biometric token could go there, or we could have a PKCS7
blob containing the encrypted hash plus signer's certificate, or we could
have as yet unforeseen data types.

That particular statement I just made about the nature of the PKCS7 blob
will be further qualified in the upcoming email "Markup versus Semantics"

>2) Do we think we have a need for significant input of crypto
> expertise? I don't think so, at this level we are treating
> PKCS#1 RSA, DSS etc as well behaved black boxes.

I agree with you.  We should stay as far away from the specific algorithms
used by the signing technology as possible.  Rely on, leverage their
standards.  Let them create the standards, let us integrate to modules to
that support those standards.

> If we feel we can proceed without detailed instructions along
> the way from Rogaway, Rivest, Kaliski et al we whould expect
> autograph identification methods to be capable of being
> treated in an equally black box fashion.

Absolutely.  To wit, I have no idea to this day how effective particular
handwritten technologies are at actually identifying the signer.  I think it
is possible in theory for the technology to do a better job than a
handwriting expert.  The reason is that a handwriting expert performs
"forensic" analyses on a completed signature, comparing it to writing
samples.  Most of the parameters of an electronic handwritten signature
measure the live act of signing, comparing it to writing samples that also
include the same parameters that measure the live act of signing.

>3) Biometric techniques are not commodified to the same extent that
> RSA, DSS etc are. Patent issues aside, RSA is RSA whoever you
> buy it from, same for DSS. Even the more 'exotic' reaches
> of cryptography such as eliptic curve are well defined and
> standards defined.
> I don't think it would be possible to address biometric
> techniques without addressing specific proprietary techniques
> which would in turn lead to the issue of endorsement which
> I don't think W3C should get involved in - not unless they
> want to actually conduct trials of biometric techniques which
> I don't think they do.

This is RIGHT ON THE MARK!  There are no standards for pen-based signature
technologies yet.  To us, it is just a different signing engine.  I don't
really even care whether they are doing biometrics or not.  The point is
that for each signing technology we write small interfaces that offer
Sign(), Verify() and a few other functions, then the "glue" code figures out
how to call the particular technology.  The glue goes into a DLL, the new
DLL is sent out, and suddenly a new signing engine is supported and we don't
have to replace our viewer, our language API, nor our core specs.

>4) The applications of biometrics and the applications of digital
> signatures are disjoint. I do not see an overlap, I consider
> biometrics important precisely because they can do things
> which digital signatures cannot.

This depends on your definition of digital signature.  The pen people look
at digital as 'electronic' as opposed to paper, and they look at the word
signature in the legal sense.  A signature is that which is affixed to a
document to represent authentication and authorization.  On paper,
authentication is quite implicit since for millenia we have not had the
technology to substantially alter a document without damaging the paper.
So, authentication was as simple as the signer looking over the document
before scribbling on it.  Authorization means that the signer agrees to the
statements being signed, which is quite context sensitive.  However,
authorization implies the ability to identify the signer.  A handwritten
signature on paper does this.

The pen people's biometric tokens are encrypted blobs containing biometric
measures of the act of signing as well as a sha-1 or md5 hash of the
document being signed.  The biometrics identify the signer, the act of
signing implies authorization (same as paper), the hash authenticates the
document content, and the encryption binds the two together.  The pen people
claim that this signing technology offers an electronic solution that is at
least as secure or substantially more secure than the paper signatures that
we currently accept.

> At most a biometric proves is that there was knowledge of a
> biometric profile required to create a signature. That is very
> different to the assurance of a digital signature which establishes
> that there was knowledge of a specific piece of information.

On behalf of the pen people, I'd like to disagree with this.  This is
actually what I meant about there being misunderstanding about handwritten
signature technologies.  These people actually are trying to bind the
document content to the signer in the way described above.  The hash of the
document in the biometric token provides the authentication that there was
knowledge (or at least availability) of a specific piece of information.
The biometric measures are only used to associate that information with a
particular person.

>I know there are folk in the biometric industry who dispute this, and that
>is kind of the point. I don't think the argument is usefull or necessary
>however. It is currently raqging with much FUD in the legal arena. I don't
>think we need to have the arguments rehearsed here too...

I've provided all this information because I think it is important for
people to understand this technology as a good example of the fact that we
can't anticipate what the future holds in terms of signing technologies.
Hopefully, we will create a spec that does not have to change every time a
new signing technology is created.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

> Phill
Received on Wednesday, 21 April 1999 13:20:32 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:04 EDT