[widgets] Questions regarding to "Test Suite for the XML Digital Signatures For Widgets Specification "

Andrey - on January 26, Marcos proposed changing the c14n algorithm in 
[1] and [2] and notified the group in [3] that he updated the Editor's 
Draft [ED] to reflect his proposal. He included rationale in [1].

Marcos - in what way(s) does your proposal break the signer and 
validator conformance classes as defined in the June 2010 CR [CR]?

-Art Barstow

[1] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0247.html
[2] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0250.html
[3] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0254.html
[ED] http://dev.w3.org/2006/waf/widgets-digsig/
[CR] http://www.w3.org/TR/2010/CR-widgets-digsig-20100624/#conformance


-------- Original Message --------
Subject: 	Questions regarding to "Test Suite for the XML Digital 
Signatures For Widgets Specification "
Resent-Date: 	Thu, 27 Jan 2011 18:11:37 +0000
Resent-From: 	<public-webapps@w3.org>
Date: 	Thu, 27 Jan 2011 20:12:28 +0300
From: 	ext Andrey Nazarov <Andrey.Nazarov@oracle.com>
To: 	<public-webapps@w3.org>



Hello All,
I hope it is right place to ask about Test Suite for the XML Digital 
Signatures For Widgets Specification.
If not,  where is better?

I. Test 19rsa.wgt.

I found that the author-signature.xml and signature1.xml files were 
corrected today (27-Jan-2011).
It seems to me that this correction broken correspondence betwee 
specification and test.

Why values of the "CanonicalizationMethod Algorithm" attribute of 
SignedInfo and "Transform Algorithm" attribute of Reference were changed 
to the same value http://www.w3.org/TR/2001/REC-xml-c14n-20010315?

The specification document "Digital Signatures for Widgets W3C Candidate 
Recommendation 24 June 2010"
(http://www.w3.org/TR/widgets-digsig/#xmldsig11)
has the following sentences:

1. The following canonicalization algorithms /MUST/ be supported by an 
implementation <http://dev.w3.org/2006/waf/widgets-digsig/#implementation>:
Exclusive XML Canonicalization 1.0 (omits comments) [XML-exc-C14N] 
<http://dev.w3.org/2006/waf/widgets-digsig/#xml-exc-c14n>:|http://www.w3.org/2001/10/xml-exc-c14n#|
(see chapter8.3. Canonicalization Algorithms)
I think it means that the "CanonicalizationMethod Algorithm" attribute 
of SignedInfo must be |http://www.w3.org/2001/10/xml-exc-c14n#

2. |A |ds:Reference| to same-document XML content /MUST/ have a 
|ds:Transform| element child that specifies the canonicalization method. 
Canonical XML 1.1 /MUST/ be specified as the Canonicalization Algorithm 
for this transform.
(see chapter9.2. Common Constraints for Signature Generation and Validation)
I think it means that the "Transform Algorithm" attribute of 
ds:Transform must be http://www.w3.org/2006/12/xml-c14n11..

||3. An implementation /SHOULD/ be able to process a |ds:Reference| to 
same-document XML content when that |ds:Reference| does not have a 
|ds:Transform| child element, for backward compatibility. In this case 
the default canonicalization algorithm Canonical XML 1.0 will be used.
(see chapter9.2. Common Constraints for Signature Generation and Validation)
I think only for this case could be used the 
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" URI.

Why this correction was done?

II. Test 19dsa.wgt.
Could somebody confirm that this test is correct?
The deal is when I look on the certificate that is  used for this test I 
see that it contain information about DSA Public Key, but the Signature 
Algorithm for this certificate is pointed as SHA1withRSA. Is it correct?

Thank you in advance,
Andrey

Received on Monday, 31 January 2011 18:53:45 UTC