- From: <noah_mendelsohn@us.ibm.com>
- Date: Tue, 1 Oct 2002 10:51:33 -0400
- To: Rich Salz <rsalz@datapower.com>
- Cc: mgudgin@microsoft.com, xml-dist-app@w3.org
It doesn't do everything you might want, but I think it's perfectly
coherent to sign the infoset of the envelope, which is what we say an
envelope is. First of all, header entry order is potentially significant,
depending on the features you define. The rec makes this clear in [1]:
"The processing of one or more SOAP header blocks MAY control or determine
the order of processing for other SOAP header blocks and/or the SOAP body.
For example, one could create a SOAP header block to force processing of
other SOAP header blocks in lexical order. In the absence of such a
controlling SOAP header block, the order of header and body processing is
at the discretion of the SOAP node."
Furthermore, even whitespace can represent a covert channel, admittedly
only when someone is quite malicious. As you say, I think that signing a
whole message is indeed potentially interesting. I disagree that a
canonical form is needed beyond the infoset. We merely need a checksum
that is the same whenever the infoset is the same, and with very high
probability is different when the infoset is different. Very useful, and
seemingly straightforward, IMO.
Noah
[1] http://www.w3.org/TR/2002/WD-soap12-part1-20020626/#procsoapmsgs
------------------------------------------------------------------
Noah Mendelsohn Voice: 1-617-693-4036
IBM Corporation Fax: 1-617-693-8676
One Rogers Street
Cambridge, MA 02142
------------------------------------------------------------------
Rich Salz <rsalz@datapower.com>
10/01/02 09:32 AM
To: Martin Gudgin <mgudgin@microsoft.com>
cc: "noah_mendelsohn@us.ibm.com" <noah_mendelsohn@us.ibm.com>,
"xml-dist-app@w3.org" <xml-dist-app@w3.org>
Subject: RE: Proposal for various Infosetisms
It would be nice to be able to sign an entire SOAP message -- for
example, a logging subsystem -- but it's not currently possible.
You need some form of SOAP canonicalization. In addition to the
question of being able to remove the SOAP header element, there
is the issue of whitespace between top-level header elements,
re-ordering of headers, etc.
I suggest that the spec include a caveat that it is currently only
"safe" to sign individual header and body child elements (but not that
XMLDSIG can sign multiple things at once).
Alternatively, resurrect my soap c14n proposal from nearly a year ago;
but it's probably too late in the game to add that now.
/r$
Received on Tuesday, 1 October 2002 10:54:25 UTC
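
The following is an added example, not part of either message in the thread. It hashes the Canonical XML 2.0 serialization of a whole envelope (Python 3.8+ `xml.etree.ElementTree.canonicalize`) as a stand-in for a digest that depends only on the infoset, and shows which of the differences discussed above change it. The envelopes, the `urn:example:*` namespaces and the function names are constructed for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed header blocks; the urn:example namespaces are placeholders.
LOG = '<a:log xmlns:a="urn:example:a" id="1" role="x"/>'
ROUTE = '<b:route xmlns:b="urn:example:b"/>'


def envelope(*header_content):
    """Build a constructed SOAP-like envelope around the given header content."""
    return (
        '<e:Envelope xmlns:e="urn:example:envelope"><e:Header>'
        + "".join(header_content)
        + '</e:Header><e:Body><p:order xmlns:p="urn:example:p">42</p:order>'
        '</e:Body></e:Envelope>'
    )


BASE = envelope(LOG, ROUTE)
# Same infoset, different bytes: attribute order, quote style, start/end tag pair.
SYNTAX_ONLY = envelope("<a:log role='x'  id='1' xmlns:a='urn:example:a' ></a:log>", ROUTE)
# Different infoset: extra character information items between header blocks.
WHITESPACE = envelope(LOG, "\n  ", ROUTE)
# Different infoset: header blocks in a different document order.
REORDERED = envelope(ROUTE, LOG)


def envelope_digest(xml_text):
    """SHA-256 over the canonical serialization of the whole envelope."""
    canonical = canonicalize(xml_text)  # whitespace kept (strip_text defaults to False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def compare_to_base():
    """Report, per variant, whether its digest matches the base envelope's."""
    base = envelope_digest(BASE)
    variants = {"syntax_only": SYNTAX_ONLY, "whitespace": WHITESPACE,
                "reordered": REORDERED}
    return {name: envelope_digest(xml) == base for name, xml in variants.items()}


if __name__ == "__main__":
    for name, same in compare_to_base().items():
        print(f"{name:12s} digest {'matches' if same else 'differs from'} base")
```

A verifier using such a whole-envelope digest rejects a message in which an intermediary inserted whitespace between header blocks or reordered them; purely syntactic rewrites do not affect it.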