- From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Date: Tue, 07 Oct 2008 17:39:54 +0200
- To: Sean Mullan <Sean.Mullan@Sun.COM>, XMLSec WG Public List <public-xmlsec@w3.org>
- CC: Pratik Datta <pratik.datta@oracle.com>, "Hirsch Frederick (Nokia-OCTO/Boston)" <frederick.hirsch@nokia.com>
- Message-ID: <48EB82CA.4050403@iaik.tugraz.at>

Sean,

Sean Mullan wrote:
> But RetrievalMethod is not one of the valid KeyInfo types that
> RetrievalMethod can refer to (see section 4.4):

the point I was making in our last telco was that RetrievalMethod *is*
potentially recursive just as Pratik mentions, especially as the Type
attribute is optional and is hence not necessarily constraining as Sean
mentions.

Konrad

From our minutes, ...

>> klanz2: I thought RetrievalMethod *is* recursive?
>>
>> <fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0054.html
>>
>> fjh: deferred
>> [...]
>> <klanz2> name="Type" type="anyURI" use="optional"

http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod :

> <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
> <complexType name="RetrievalMethodType">
>   <sequence>
>     <element ref="ds:Transforms" minOccurs="0"/>
>   </sequence>
>   <attribute name="URI" type="anyURI"/>
>   <attribute name="Type" type="anyURI" use="optional"/>
> </complexType>
>
> Pratik Datta wrote:
>
>> There is some ambiguity around the "RetrievalMethod"
>>
>> The spec says that
>>
>> "The result of dereferencing a |RetrievalMethod| |Reference <#sec-URI>|
>> for all |KeyInfo| types defined by this specification <#sec-KeyInfo>
>> (section 4.4) with a corresponding XML structure is an XML element or
>> document with that element as the root"
>>
>> My interpretation is that a RetrievalMethod can point to a KeyInfo type,
>> and one of the KeyInfo types is RetrievalMethod. So doesn't this imply
>> reference chaining? Because effectively a RetrievalMethod is pointing to
>> another RetrievalMethod, which can point to yet another one and so on.
>>
>
> But RetrievalMethod is not one of the valid KeyInfo types that
> RetrievalMethod can refer to (see section 4.4):
>
> The following list summarizes the KeyInfo types that are allocated an
> identifier in the &dsig; namespace; these can be used within the
> RetrievalMethod Type attribute to describe a remote KeyInfo structure.
>
> * http://www.w3.org/2000/09/xmldsig#DSAKeyValue
> * http://www.w3.org/2000/09/xmldsig#RSAKeyValue
> * http://www.w3.org/2000/09/xmldsig#X509Data
> * http://www.w3.org/2000/09/xmldsig#PGPData
> * http://www.w3.org/2000/09/xmldsig#SPKIData
> * http://www.w3.org/2000/09/xmldsig#MgmtData
>
> --Sean
>
>
>> Pratik
>>
>> Sean Mullan wrote:
>>
>>> Hirsch Frederick (Nokia-OCTO/Boston) wrote:
>>>
>>>> All
>>>>
>>>> We have some items to complete before publishing the Best Practices
>>>> as a first working draft.
>>>> If we can complete these items before 7 October, then we can agree at
>>>> that meeting to the changes, incorporate them before the F2F and
>>>> agree to publish during the F2F (unless we are able to agree to
>>>> publish on 7 October).
>>>>
>>>> 1) Please review the current Best Practices draft so that we can
>>>> approve as working draft for publication. Please post any comments to
>>>> the list by next week.
>>>>
>>>> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/
>>>>
>>> A couple of comments on section 2.1.3
>>>
>>> I don't understand how an implementation would process this
>>> RetrievalMethod recursively in an endless loop. I think a valid
>>> implementation should dereference any RetrievalMethod once, pass
>>> the result through transforms and return the resulting XML Structure
>>> (or KeyInfo if it is one of the types in [1]). I think that in order
>>> for this attack to succeed, the reference processing model would need
>>> to support reference chaining, but AFAICT it doesn't allow that.
>>>
>>> Also, there is a duplicate best practice #5 in this section. (Section
>>> 2.1.2 contained best practice #5).
>>>
>>> --Sean
>>>
>>> [1] http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-KeyInfo
>>>
>>>
>
>
>

--
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
http://www.iaik.tugraz.at/content/about_iaik/people/lanz_konrad/
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm

Received on Tuesday, 7 October 2008 15:41:01 UTC
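
Added example, not part of the original message or of the XML Signature specification: a verifier-side sketch of the question debated in this thread, resolving a same-document RetrievalMethod with a bound on the number of dereferences and a loop check, and deciding on the element actually reached rather than on the optional Type attribute. The sample document, its Id attributes, the one-dereference policy and the names resolve, outcome and ChainError are assumptions made for illustration; Transforms are not processed.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
RM = f"{{{DS}}}RetrievalMethod"
MAX_HOPS = 1  # assumed policy: dereference once, never follow a chain

# Constructed sample. r1/r2 form a loop; r4 claims Type=RSAKeyValue but
# actually points at another RetrievalMethod; r3 is the benign case.
SAMPLE = f"""<KeyInfo xmlns="{DS}">
  <RetrievalMethod Id="r1" URI="#r2"/>
  <RetrievalMethod Id="r2" URI="#r1"/>
  <RetrievalMethod Id="r3" URI="#k1" Type="{DS}RSAKeyValue"/>
  <RetrievalMethod Id="r4" URI="#r1" Type="{DS}RSAKeyValue"/>
  <KeyValue><RSAKeyValue Id="k1"/></KeyValue>
</KeyInfo>"""

class ChainError(Exception):
    """Raised when a RetrievalMethod leads to a chain, loop or dead end."""

def resolve(doc, rm, max_hops=MAX_HOPS):
    """Follow same-document RetrievalMethod URIs with a hop bound and loop check."""
    by_id = {e.get("Id"): e for e in doc.iter() if e.get("Id")}
    seen, node = set(), rm
    # Decide on the element actually reached, not on the optional Type attribute.
    while node.tag == RM:
        uri = node.get("URI", "")
        if not uri.startswith("#"):
            raise ChainError("only same-document references are handled")
        if uri in seen:
            raise ChainError(f"loop at {uri}")
        if len(seen) >= max_hops:
            raise ChainError(f"chain exceeds {max_hops} dereference(s)")
        seen.add(uri)
        node = by_id.get(uri[1:])
        if node is None:
            raise ChainError(f"dangling reference {uri}")
    return node

def outcome(rm_id, max_hops=MAX_HOPS):
    """Resolve the sample RetrievalMethod with the given Id; return tag or error."""
    doc = ET.fromstring(SAMPLE)
    rm = next(e for e in doc.iter(RM) if e.get("Id") == rm_id)
    try:
        return resolve(doc, rm, max_hops).tag
    except ChainError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    print({rid: outcome(rid) for rid in ("r1", "r3", "r4")})
```

With the default policy r3 resolves to the RSAKeyValue element while r1 and r4 are rejected after the first dereference; raising max_hops shows the loop check firing instead.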