- From: Marcos Caceres <marcosc@opera.com>
- Date: Mon, 31 Jan 2011 20:18:54 +0100
- To: Arthur Barstow <art.barstow@nokia.com>
- CC: ext Andrey Nazarov <Andrey.Nazarov@oracle.com>, public-webapps <public-webapps@w3.org>
On 1/31/11 7:52 PM, Arthur Barstow wrote:
> Andrey - on January 26, Marcos proposed changing the c14n algorithm in
> [1] and [2] and notified the group in [3] that he updated the Editor's
> Draft [ED] to reflect his proposal. He included rationale in [1].
>
> Marcos - in what way(s) does your proposal break the signer and
> validator conformance classes as defined in the June 2010 CR [CR]?

It would remove all references and dependencies on XML Canonicalization
1.1 in favor of XML Canonicalization 1.0. Explicit <transform> to
Canonicalization 1.1 would no longer be needed (XML Dig Sig just
defaults to 1.0). Everything else stays the same.

> -Art Barstow
>
> [1] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0247.html
> [2] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0250.html
> [3] http://lists.w3.org/Archives/Public/public-webapps/2011JanMar/0254.html
> [ED] http://dev.w3.org/2006/waf/widgets-digsig/
> [CR] http://www.w3.org/TR/2010/CR-widgets-digsig-20100624/#conformance
>
>
> -------- Original Message --------
> Subject: Questions regarding to "Test Suite for the XML Digital
> Signatures For Widgets Specification"
> Resent-Date: Thu, 27 Jan 2011 18:11:37 +0000
> Resent-From: <public-webapps@w3.org>
> Date: Thu, 27 Jan 2011 20:12:28 +0300
> From: ext Andrey Nazarov <Andrey.Nazarov@oracle.com>
> To: <public-webapps@w3.org>
>
>
>
> Hello All,
> I hope it is the right place to ask about the Test Suite for the XML Digital
> Signatures For Widgets Specification.
> If not, where is better?
>
> I. Test 19rsa.wgt.
>
> I found that the author-signature.xml and signature1.xml files were
> corrected today (27-Jan-2011).
> It seems to me that this correction broke the correspondence between
> the specification and the test.
>
> Why were the values of the "CanonicalizationMethod Algorithm" attribute of
> SignedInfo and the "Transform Algorithm" attribute of Reference changed
> to the same value http://www.w3.org/TR/2001/REC-xml-c14n-20010315?
>
> The specification document "Digital Signatures for Widgets W3C Candidate
> Recommendation 24 June 2010"
> (http://www.w3.org/TR/widgets-digsig/#xmldsig11)
> has the following sentences:
>
> 1. The following canonicalization algorithms /MUST/ be supported by an
> implementation <http://dev.w3.org/2006/waf/widgets-digsig/#implementation>:
> Exclusive XML Canonicalization 1.0 (omits comments) [XML-exc-C14N]
> <http://dev.w3.org/2006/waf/widgets-digsig/#xml-exc-c14n>: |http://www.w3.org/2001/10/xml-exc-c14n#|
> (see chapter 8.3. Canonicalization Algorithms)
> I think it means that the "CanonicalizationMethod Algorithm" attribute
> of SignedInfo must be |http://www.w3.org/2001/10/xml-exc-c14n#|
>
> 2. A |ds:Reference| to same-document XML content /MUST/ have a
> |ds:Transform| element child that specifies the canonicalization method.
> Canonical XML 1.1 /MUST/ be specified as the Canonicalization Algorithm
> for this transform.
> (see chapter 9.2. Common Constraints for Signature Generation and Validation)
> I think it means that the "Transform Algorithm" attribute of
> ds:Transform must be http://www.w3.org/2006/12/xml-c14n11.
>
> 3. An implementation /SHOULD/ be able to process a |ds:Reference| to
> same-document XML content when that |ds:Reference| does not have a
> |ds:Transform| child element, for backward compatibility. In this case
> the default canonicalization algorithm Canonical XML 1.0 will be used.
> (see chapter 9.2. Common Constraints for Signature Generation and Validation)
> I think only for this case could the
> "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" URI be used.
>
> Why was this correction done?
>
> II. Test 19dsa.wgt.
> Could somebody confirm that this test is correct?
> The deal is when I look on the certificate that is used for this test I
> see that it contains information about a DSA Public Key, but the Signature
> Algorithm for this certificate is pointed as SHA1withRSA. Is it correct?
>
> Thank you in advance,
> Andrey
>

--
Marcos Caceres
Opera Software
Received on Monday, 31 January 2011 19:19:36 UTC
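
As an added example (not part of the original message, the specification or the test suite), the following Python reads a widget signature document and reports the `SignedInfo` canonicalization URI and, for each same-document `ds:Reference`, which of the cases quoted from the June 2010 CR it falls under. The function name, the result labels and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
C14N_10 = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"   # Canonical XML 1.0
C14N_11 = "http://www.w3.org/2006/12/xml-c14n11"              # Canonical XML 1.1

# Constructed sample (not a test-suite file); digests and SignatureValue omitted.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <Reference URI="config.xml"/>
  <Reference URI="#prop">
   <Transforms>
    <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
   </Transforms>
  </Reference>
  <Reference URI="#legacy"/>
 </SignedInfo>
</Signature>"""


def audit_c14n(xml_text):
    """Return (SignedInfo c14n URI, {same-document Reference URI: label})."""
    # For untrusted input, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    signed_info = next(root.iter(DS + "SignedInfo"), None)
    if signed_info is None:
        raise ValueError("no ds:SignedInfo element")
    method = signed_info.find(DS + "CanonicalizationMethod")
    signed_info_c14n = method.get("Algorithm") if method is not None else None
    findings = {}
    for ref in signed_info.findall(DS + "Reference"):
        uri = ref.get("URI")
        if uri is None or not (uri == "" or uri.startswith("#")):
            continue  # not same-document XML content; the quoted rules do not apply
        algs = [t.get("Algorithm") for t in ref.iter(DS + "Transform")]
        if not algs:
            findings[uri] = "default-c14n10"    # CR 9.2 backward-compatibility case
        elif C14N_11 in algs:
            findings[uri] = "explicit-c14n11"   # CR 9.2 MUST
        else:
            findings[uri] = "other: " + ", ".join(str(a) for a in algs)
    return signed_info_c14n, findings


if __name__ == "__main__":
    c14n, refs = audit_c14n(SAMPLE)
    print("SignedInfo c14n:", c14n)
    for uri, label in refs.items():
        print(uri, "->", label)
```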