- From: Andrey Nazarov <Andrey.Nazarov@oracle.com>
- Date: Thu, 27 Jan 2011 20:12:28 +0300
- To: public-webapps@w3.org
- Message-ID: <4D41A77C.1040605@oracle.com>
Hello All,

I hope this is the right place to ask about the Test Suite for the XML Digital Signatures For Widgets Specification. If not, where is better?

I. Test 19rsa.wgt.

I found that the author-signature.xml and signature1.xml files were corrected today (27-Jan-2011). It seems to me that this correction broke the correspondence between the specification and the test. Why were the values of the "CanonicalizationMethod Algorithm" attribute of SignedInfo and the "Transform Algorithm" attribute of Reference changed to the same value, http://www.w3.org/TR/2001/REC-xml-c14n-20010315?

The specification document "Digital Signatures for Widgets W3C Candidate Recommendation 24 June 2010" (http://www.w3.org/TR/widgets-digsig/#xmldsig11) has the following sentences:

1. The following canonicalization algorithms /MUST/ be supported by an implementation <http://dev.w3.org/2006/waf/widgets-digsig/#implementation>: Exclusive XML Canonicalization 1.0 (omits comments) [XML-exc-C14N] <http://dev.w3.org/2006/waf/widgets-digsig/#xml-exc-c14n>: http://www.w3.org/2001/10/xml-exc-c14n# (see chapter 8.3. Canonicalization Algorithms)

I think it means that the "CanonicalizationMethod Algorithm" attribute of SignedInfo must be http://www.w3.org/2001/10/xml-exc-c14n#

2. A |ds:Reference| to same-document XML content /MUST/ have a |ds:Transform| element child that specifies the canonicalization method. Canonical XML 1.1 /MUST/ be specified as the Canonicalization Algorithm for this transform. (see chapter 9.2. Common Constraints for Signature Generation and Validation)

I think it means that the "Transform Algorithm" attribute of ds:Transform must be http://www.w3.org/2006/12/xml-c14n11.

3. An implementation /SHOULD/ be able to process a |ds:Reference| to same-document XML content when that |ds:Reference| does not have a |ds:Transform| child element, for backward compatibility. In this case the default canonicalization algorithm Canonical XML 1.0 will be used. (see chapter 9.2. Common Constraints for Signature Generation and Validation)

I think the "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" URI could be used only for this case. Why was this correction done?

II. Test 19dsa.wgt.

Could somebody confirm that this test is correct? The thing is, when I look at the certificate that is used for this test I see that it contains information about a DSA Public Key, but the Signature Algorithm for this certificate is given as SHA1withRSA. Is it correct?

Thank you in advance,
Andrey
Received on Thursday, 27 January 2011 18:08:33 UTC
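
An added example, not part of the original message or of the W3C test suite: a small Python check that reports which canonicalization URI a widget signature file uses in SignedInfo and flags same-document references whose transform differs from the Canonical XML 1.1 requirement quoted in the message from chapter 9.2. The sample XML, the `#prop` reference and the function name `audit_c14n` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
C14N10 = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
C14N11 = "http://www.w3.org/2006/12/xml-c14n11"

# Constructed sample, not copied from 19rsa.wgt: it mirrors the situation the
# message describes, with both attributes set to the Canonical XML 1.0 URI.
SAMPLE = f"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo>
  <CanonicalizationMethod Algorithm="{C14N10}"/>
  <Reference URI="config.xml"/>
  <Reference URI="#prop">
   <Transforms><Transform Algorithm="{C14N10}"/></Transforms>
  </Reference>
 </SignedInfo>
 <Object Id="prop"/>
</Signature>"""

def audit_c14n(xml_text):
    """Return (SignedInfo c14n URI, findings for same-document references)."""
    root = ET.fromstring(xml_text)
    signed_info = root.find(f"{DS}SignedInfo")
    method = signed_info.find(f"{DS}CanonicalizationMethod").get("Algorithm")
    findings = []
    for ref in signed_info.findall(f"{DS}Reference"):
        uri = ref.get("URI")
        # Same-document references are "" or "#fragment"; file references
        # such as "config.xml" are outside the quoted constraint.
        if uri is None or (uri and not uri.startswith("#")):
            continue
        algs = [t.get("Algorithm") for t in ref.iter(f"{DS}Transform")]
        if not algs:
            findings.append((uri, "no-transform: Canonical XML 1.0 default applies"))
        elif C14N11 not in algs:
            findings.append((uri, "transform is not Canonical XML 1.1: " + ", ".join(algs)))
    return method, findings
```

Running `audit_c14n` over the author-signature.xml and signature1.xml extracted from a test widget shows at a glance which of the three quoted sentences each reference falls under.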