Re: Single Key in Originator Information

Of course, this problem wouldn't exist if we weren't trying to express the
signature in XML.  If the problem did exist, it would be in the underlying
signature technology, and the signed XML group would not have created a new
security hole by trying to bundle new cryptographic techniques with the
fundamental and different problem of signing XML.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
jboyer@uwi.com

-----Original Message-----
From: Paul Lambert <plambert@certicom.com>
To: reagle@w3.org <reagle@w3.org>
Cc: w3c-xml-sig-ws@w3.org <w3c-xml-sig-ws@w3.org>
Date: Wednesday, April 21, 1999 1:39 PM
Subject: Single Key in Originator Information


>
>Joseph,
>
>In your example from April 13 you have two keys represented using <rdf:Alt>:
>
>       <!-- The originator info and his keys -->
>       <dsig:OriginatorInfo rdf:resource="http://w3.org/Reagle/">
>         <dsig:keys>
>           <rdf:Alt>
>             <rdf:li rdf:parseType="Resource">
>               <dsig:key ID="X509" type="http://iso.org/x509"
>                         value="...308201F0308201B002010..."/>
>             </rdf:li>
>             <rdf:li rdf:parseType="Resource">
>               <dsig:key ID="PGP" type="http://pgp.com/pgp"
>                         value="...F3082010308201B002010..."/>
>             </rdf:li>
>          </rdf:Alt>
>        </dsig:keys>
>       </dsig:OriginatorInfo>
>
>The first key is carried within an X.509 certificate.  The second key is
>carried in a PGP certificate.  I assume that you intend in this example for
>both certificates to carry the same public key.
>
>Evaluation of this signature will result in an ambiguous result.  The
>validation processing for X.509 is very different from PGP.  It is possible
>for one certificate to be revoked and the signature invalid and the second
>certificate to be valid.
>
>Even if both alternatives were in the same format, the associated
>attributes would be different (or else they would be the same certificate).
>Any variations in the certificate in name, validity period, key usage
>restrictions, or other attributes will affect the interpretation of the
>signature.  Allowing multiple alternatives for a key will create
>scenarios with ambiguous signature interpretations.
>
>This example illustrates that a signing entity is more than just the
>public key.  The validation processing of a digital signature must
>consider all of the originator information carried with the public key.
>We should include only one starting point for this validation process.
>
>So, I propose that:
> XML digital signatures must carry only a single originator key or
>certificate.
>
>
>Paul
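The ambiguity Paul describes can be made concrete with a small verifier. The following is an added example, not code from the thread or from the XML-Signature working group: it parses the quoted <dsig:OriginatorInfo> fragment (key values shortened, and the dsig: namespace URI is an assumption, since the 1999 draft did not fix one), stands in for the X.509 and PGP validation procedures with a constructed certificate-status table in which the X.509 certificate is revoked and the PGP certificate is good, and shows that an "accept if any alternative validates" verifier and an "accept only if every alternative validates" verifier reach opposite conclusions on the same signature. The last function enforces the proposal that a signature carry exactly one originator key.

```python
"""Added example (not part of the original thread): why an <rdf:Alt> of
originator keys yields an ambiguous validation result, and a policy check
for the single-originator-key proposal."""
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
# Assumption: the draft used an unbound dsig: prefix, so a URI is invented here.
DSIG = "http://www.w3.org/1999/dsig#"

# Constructed input modelled on the quoted April 13 example (values shortened).
ORIGINATOR_XML = f"""
<dsig:OriginatorInfo xmlns:dsig="{DSIG}" xmlns:rdf="{RDF}"
                     rdf:resource="http://w3.org/Reagle/">
  <dsig:keys>
    <rdf:Alt>
      <rdf:li rdf:parseType="Resource">
        <dsig:key ID="X509" type="http://iso.org/x509" value="308201F0..."/>
      </rdf:li>
      <rdf:li rdf:parseType="Resource">
        <dsig:key ID="PGP" type="http://pgp.com/pgp" value="F3082010..."/>
      </rdf:li>
    </rdf:Alt>
  </dsig:keys>
</dsig:OriginatorInfo>
"""

# Constructed single-key variant that satisfies the proposal.
SINGLE_KEY_XML = f"""
<dsig:OriginatorInfo xmlns:dsig="{DSIG}" xmlns:rdf="{RDF}"
                     rdf:resource="http://w3.org/Reagle/">
  <dsig:keys>
    <dsig:key ID="X509" type="http://iso.org/x509" value="308201F0..."/>
  </dsig:keys>
</dsig:OriginatorInfo>
"""

# Constructed certificate status, standing in for the two different
# validation procedures (CRL/chain check for X.509, web of trust for PGP).
CERT_STATUS = {"X509": "revoked", "PGP": "valid"}


def originator_keys(xml_text):
    """Return [(ID, type)] for every dsig:key found under dsig:keys,
    whether it sits directly in dsig:keys or inside an rdf:Alt/rdf:li."""
    root = ET.fromstring(xml_text)
    keys = root.find(f"{{{DSIG}}}keys")
    return [(k.get("ID"), k.get("type")) for k in keys.iter(f"{{{DSIG}}}key")]


def validate_key(key_id):
    """Per-alternative result: True if the certificate carrying the key is good."""
    return CERT_STATUS.get(key_id) == "valid"


def validate_any(xml_text):
    """Lenient verifier: the signature is valid if ANY alternative validates."""
    return any(validate_key(kid) for kid, _ in originator_keys(xml_text))


def validate_all(xml_text):
    """Strict verifier: the signature is valid only if EVERY alternative validates."""
    keys = originator_keys(xml_text)
    return bool(keys) and all(validate_key(kid) for kid, _ in keys)


def is_ambiguous(xml_text):
    """True when the two verifiers disagree about the same signed document."""
    return validate_any(xml_text) != validate_all(xml_text)


def single_originator_key(xml_text):
    """Policy from the proposal: accept exactly one originator key or
    certificate. Returns its (ID, type) pair, or raises ValueError."""
    keys = originator_keys(xml_text)
    if len(keys) != 1:
        raise ValueError(f"expected exactly one originator key, found {len(keys)}")
    return keys[0]


if __name__ == "__main__":
    print("any-alternative verifier:", validate_any(ORIGINATOR_XML))
    print("all-alternatives verifier:", validate_all(ORIGINATOR_XML))
    print("ambiguous:", is_ambiguous(ORIGINATOR_XML))
    for doc in (ORIGINATOR_XML, SINGLE_KEY_XML):
        try:
            print("accepted key:", single_originator_key(doc))
        except ValueError as err:
            print("rejected:", err)
```

Both verifiers are defensible readings of <rdf:Alt>, which is exactly the problem: the signature's meaning depends on a choice the format leaves to the implementer. Requiring a single starting point removes that choice from the verifier.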

Received on Wednesday, 21 April 1999 16:47:24 UTC