Re: Some strawman ideas for a minimum DSig profile

Sean,

I am in sympathy with your approach.  However, the processing order you 
suggest below (which may be correct for performance) is contrary to that
which is recommended for Best Practice #1
(http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#denial-of-service).
It may be too early to consider that dimension as well, but at some point 
we will need to think about mitigation of risk in a highly-performant 
profile.
It may be that we can sidestep the issue by excluding from the profile the 
type of interactions that drove the best-practices recommendation.

Bruce A Rich
brich at-sign us dot ibm dot com


Sean Mullan wrote on 08/21/2008 12:22:49 PM:

> 
> It also occurred to me that many of these minimal processing and 
> verification issues could be solved if the xml signature was always 
> stored in a separate xml document, and somehow safely associated or 
> packaged with what it is signing (like a zip file). Then a validator 
> could first parse/verify the signature, authenticate the signer, and 
> then validate the reference digests in the document(s) in a streaming 
> manner. Has anyone thought about that and making this a requirement for 
> a minimal profile?
> 

Received on Tuesday, 26 August 2008 12:35:12 UTC