Complexity: listing and reviewing assumptions

There are many potential benefits from reducing the complexity associated  
with canonicalization and signing, including reduced attack surface,  
improved performance, increased adoption due to understandability, etc.

To reduce complexity we will need to do less, and maybe reduce the  
number of options.

If we reduce complexity in the large we may get bigger wins than  
optimizing details though eventually the two will go together.

Can you please help list the assumptions we've made? Here are some  
possible ones:

1. The output of XML Canonicalization is well-formed XML [1]

2. The output of XML Canonicalization is XML that can be treated as  
if it were the source document, e.g. viewed, understood, used in  
place of the original document.

3. Canonicalization is idempotent - canonicalizing the output of  
canonicalization leads to the same result [1]

4. Full Unicode support is required; alternate expressions of the same  
character are equivalent [1]

5. Use Infoset terminology [1]

6. Namespace prefix values must be preserved (e.g. the literal prefix  
string preserved)

7. Namespace information is required.

http://www.w3.org/2007/xmlsec/ws/papers/20-thompson/

8. QNames in context must be supported

e.g. require namespace declarations used by QNames in content, even  
if namespace not used in elements/attributes

9. Signing can be performed on arbitrary node sets.

How about node sets without an element node?

10. Transforms support both octet stream input and nodeset input

etc.

As a WG we may need to schedule time to walk through C14N11 and  
Exclusive Canonicalization and list the implicit and explicit  
assumptions. Is there a WG member who could volunteer to do this in  
advance?

Please share additional assumptions and comment on the list.


regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

[1] http://www.w3.org/TR/NOTE-xml-canonical-req

Received on Monday, 18 August 2008 14:40:50 UTC