W3C home > Mailing lists > Public > xml-dist-app@w3.org > October 2002

Re: Proposal for various Infosetisms

From: Marc Hadley <marc.hadley@sun.com>
Date: Tue, 1 Oct 2002 11:34:02 -0400
Cc: Rich Salz <rsalz@datapower.com>, mgudgin@microsoft.com, xml-dist-app@w3.org
To: noah_mendelsohn@us.ibm.com
Message-Id: <367C46D4-D553-11D6-9636-0003937568DC@sun.com>

On Tuesday, Oct 1, 2002, at 10:51 US/Eastern, 
noah_mendelsohn@us.ibm.com wrote:
>
> Furthermore, even whitespace can represent a covert channel, admittedly
> only when someone is quite malicious.  As you say, I think that 
> sigining a
> whole message is indeed potentially interesting.  I disagree that a
> canonical form is needed beyond the infoset.  We merely need a checksum
> that is the same whenever the infoset is the same, and with very high
> probability is different when the infoset is different.  Very useful, 
> and
> seemingly straightforward, IMO.
>
In the above do you mean the XML Infoset or a more liberal 'SOAP 
Infoset' where e.g. env:mustUnderstand="false" on a header block is the 
same as omitting an env:mustUnderstand attribute

Our spec says that:

<myns:myHeaderBlock xmlns:myns="..." 
env:mustUnderstand="false">...</myns:myHeaderBlock>

should be treated identically to

<myns:myHeaderBlock xmlns:myns="...">...</myns:myHeaderBlock>

and that an intermediary can remove env:mustUnderstand="false" AIIs 
from header blocks in messages it forwards.

Should signatures that include such header blocks break when an 
intermediary removes env:mustUnderstand="false" ? If not then some form 
of SOAP canonicalization is required, if so then I think we have a 
problem.

Digests/checksums work on bits and bytes, not abstract infosets. 
Canonicalization is the concrete instantiation of what I think you are 
talking about in the abstract sense: generating a serialized form of 
the infoset suitable for consumption by a digest algorithm that 'is the 
same whenever the infoset is the same, and with very high probability 
is different when the infoset is different'.

Marc.

>
> Rich Salz <rsalz@datapower.com>
> 10/01/02 09:32 AM
>
>
>         To:     Martin Gudgin <mgudgin@microsoft.com>
>         cc:     "noah_mendelsohn@us.ibm.com" 
> <noah_mendelsohn@us.ibm.com>,
> "xml-dist-app@w3.org" <xml-dist-app@w3.org>
>         Subject:        RE: Proposal for various Infosetisms
>
> It would be nice to be able to sign an entire SOAP message -- for
> example, a logging subsystem -- but it's not currently possible.
> You need some form of SOAP canonicalization.  In addition to the
> question of being able to remove the SOAP header element, there
> is the issue of whitespace between top-level header elements,
> re-ordering of headers, etc.
>
> I suggest that the spec include a caveat that it is currently only
> "safe" to sign individual header and body child elements (but not that
> XMLDSIG can sign multiple things at once).
>
> Alternatively, ressurect my soap c14n proposal from nearly a year ago;
> but it's probably too late in the game to add that now.
>         /r$
>
>
>
>
>
--
Marc Hadley <marc.hadley@sun.com>
XML Technology Center, Sun Microsystems.
Received on Tuesday, 1 October 2002 11:34:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:11 GMT