Re: Signature in Wrong Position from Henry Story on 2016-01-17 (public-webpayments@w3.org from January 2016)

From: Henry Story <henry.story@bblfish.net>
Date: Sun, 17 Jan 2016 13:53:50 +0000
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Web Payments <public-webpayments@w3.org>
Message-Id: <CE46CAAB-1A7F-4FFF-98EE-4E933375CAA9@bblfish.net>
> On 17 Jan 2016, at 13:10, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> 
> On 2016-01-17 13:55, Henry Story wrote:
>> I was looking at the Linked Data Signatures document
>> 
>>   https://web-payments.org/specs/source/ld-signatures/
>> 
>> I am not sure if this is the right list to discuss this.
>> 
>> I am really keen to have something like this to work, and I like
>> most of it off the bat. But looking a bit closer I noticed what
>> I think is a serious error that has an easy fix though.
>> 
>> The mistake is to put the signature *inside* the graph.
>> Take example 1:
>> 
>> {
>>   "@context": "https://w3id.org/identity/v1",
>>   "title": "Hello World!",
>>   "signature": {
>>     "type": "LinkedDataSignature2015",
>>     "creator": "http://example.com/i/pat/keys/5",
>>     "created": "2011-09-23T20:21:34Z",
>>     "domain": "example.org",
>>     "nonce": "2bbgh3dgjg2302d-d2b3gi423d42",
>>     "signatureValue": "OGQzNGVkMzVm4NTIyZTkZDYMmMzQzNmExMgoYzI43Q3ODIyOWM32NjI="
>>   }
>> }
>> 
>> In short: Signatures should be external to the graph, since that is the object
>> of the signature. By placing it inside the graph as above the problem is
>> 
>> 1. the algorithm needs to remove elements from the signed graph
> 
> Yes, but that is not such a big issue compared to the quite elaborate canonicalization required by this scheme.

which is why it should be easy to fix.
Furthermore it would make the algorithm easier.

> 
>> 2. The algorithm won't be able to cope with alignement of ontologies such as
>>   a different relation being discovered to be owl:sameAs the :signature
>>   relation above. If another such widely used vocabulary is found, or perhaps even
>>   if the current vocabulary is extended then the signature verification systems won't
>>   necessarily be able to understand to remove those relations too.
> 
> Obviously any kind of scheme effectively introduces "reserved words".

indeed, and I am not arguing against the names.
> 
>> 
>> It is much better to put the signature outside of the graph. Then
>> 
>> 1. The algorithm won't need to contain any condition about removing any relation
>> which will be a lot better for large graphs, and speed up verification.
>> 2. New relations could be found or the vocabulary could be extended without changing
>> the signature verification algorithm.
>> 
>> Another way to think of this is that a named graph can always be mapped to a literal.
>> ( This is why one can think of named graphs as already implicitly contained in RDF/XML )
>> Signing documents is always external to the document in those circumstances.
> 
> Then you might as well use IETF's JWS:
>  {
>    "payload": "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ",
>    "protected": "eyJhbGciOiJFUzI1NiJ9",
>    "signature": "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8IS lSApmWQxfKTUJqPP3-Kg6NU1Q"
>  }

Not at all. 

The great thing about this spec - as I understand - is that it is syntax agnostic, and
works on the semantic layer.

This means in could actually work by placing a Link header in the http header itself
https://tools.ietf.org/html/rfc5988

[[
200 Ok
...
Content-Type: application/json+ld
Link: <ipfs://QmXfrS3pHerg44zzK6QKQj6JDk8H6cMtQS7pdXbohwNQfK/sig#i>; rel="http://purl.org/signature#signature"

{
  "@context": "https://w3id.org/identity/v1",
  "title": "Hello World!"
}
]]

( I am assuming the namespace is still the one defined here
  https://web-payments.org/vocabs/signature )

The adaptiation makes it easy to move the signature to the HTTP layer, which can 
have all kinds of other benefits. Also it can move the signature off to a distributed hash
table protocol like https://ipfs.io/

The great thing of moving away from a hash signature is that one can sign a graph, whatever the
format it is expressed in, allowing content negotation to work. This is key to making this work
with the web.

JSW forces a particular syntax and hash, which means it is actually not ready for the web.

Henry

> Highly related stuff:
> https://cyberphone.github.io/openkeystore/resources/docs/jcs.html#ECMAScript_Compatibility_Mode
> 
> Anders
> 
>> 
>> Henry Story
>> 
>> 
>> 
>
Received on Sunday, 17 January 2016 13:54:22 UTC