- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Tue, 07 Oct 2008 13:00:50 -0400
- To: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
- Cc: XMLSec WG Public List <public-xmlsec@w3.org>, Pratik Datta <pratik.datta@oracle.com>, "Hirsch Frederick (Nokia-OCTO/Boston)" <frederick.hirsch@nokia.com>
Konrad Lanz wrote:
> Sean,
>
> Sean Mullan wrote:
>> But RetrievalMethod is not one of the valid KeyInfo types that
>> RetrievalMethod can refer to (see section 4.4):
>
> the point I was making in our last telco was that RetrievalMethod *is*
> potentially recursive just as Pratik mentions, especially as the Type
> attribute is optional and is hence not necessarily constraining as Sean
> mentions.

Maybe, but that would be an implementation-specific feature then, since
the XML Signature specification does not define a standard type for
RetrievalMethods. I cannot speak for the authors, but it seems like they
were intentionally avoiding this recursive scenario by not defining a
standard KeyInfo type for RetrievalMethods.

--Sean

>
> Konrad
>
>>From our minutes, ...
>
>>> klanz2: I thought RetrievalMethod *is* recursive?
>>>
>>> <fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2008Sep/0054.html
>>>
>>> fjh: deferred
>>> [...]
>>> <klanz2> name="Type" type="anyURI" use="optional"
>
>
> http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod :
>> <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
>> <complexType name="RetrievalMethodType">
>> <sequence>
>> <element ref="ds:Transforms" minOccurs="0"/>
>> </sequence>
>> <attribute name="URI" type="anyURI"/>
>> <attribute name="Type" type="anyURI" use="optional"/>
>> </complexType>
>>
>
>
>> Pratik Datta wrote:
>>
>>> There is some ambiguity around the "RetrievalMethod"
>>>
>>> The spec says that
>>>
>>> "The result of dereferencing a |RetrievalMethod| |Reference <#sec-URI>|
>>> for all |KeyInfo| types defined by this specification <#sec-KeyInfo>
>>> (section 4.4) with a corresponding XML structure is an XML element or
>>> document with that element as the root"
>>>
>>> My interpretation is that a RetrievalMethod can point to a KeyInfo type,
>>> and one of the KeyInfo types is RetrievalMethod. So doesn't this imply
>>> reference chaining? Because effectively a RetrievalMethod is pointing to
>>> another RetrievalMethod , which can point to yet another one and so on.
>>>
>> But RetrievalMethod is not one of the valid KeyInfo types that
>> RetrievalMethod can refer to (see section 4.4):
>>
>> The following list summarizes the KeyInfo types that are allocated an
>> identifier in the &dsig; namespace; these can be used within the
>> RetrievalMethod Type attribute to describe a remote KeyInfo structure.
>>
>> * http://www.w3.org/2000/09/xmldsig#DSAKeyValue
>> * http://www.w3.org/2000/09/xmldsig#RSAKeyValue
>> * http://www.w3.org/2000/09/xmldsig#X509Data
>> * http://www.w3.org/2000/09/xmldsig#PGPData
>> * http://www.w3.org/2000/09/xmldsig#SPKIData
>> * http://www.w3.org/2000/09/xmldsig#MgmtData
>>
>> --Sean
>>
>>
>>> Pratik
>>>
>>> Sean Mullan wrote:
>>>
>>>> Hirsch Frederick (Nokia-OCTO/Boston) wrote:
>>>>
>>>>> All
>>>>>
>>>>> We have some items to complete before publishing the Best Practices
>>>>> as a first working draft.
>>>>> If we can complete these items before 7 October, then we can agree at
>>>>> that meeting to the changes, incorporate them before the F2F and
>>>>> agree to publish during the F2F (unless we are able to agree to
>>>>> publish on 7 October).
>>>>>
>>>>> 1) Please review the current Best Practices draft so that we can
>>>>> approve as working draft for publication. Please post any comments to
>>>>> the list by next week.
>>>>>
>>>>> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/
>>>>>
>>>> A couple of comments on section 2.1.3
>>>>
>>>> I don't understand how an implementation would process this
>>>> RetrievalMethod recursively in an endless loop. I think a valid
>>>> implementation should dereference the any RetrievalMethod once, pass
>>>> the result through transforms and return the resulting XML Structure
>>>> (or KeyInfo if it is one of the types in [1]). I think that in order
>>>> for this attack to succeed, the reference processing model would need
>>>> to support reference chaining, but AFAICT it doesn't allow that.
>>>>
>>>> Also, there is a duplicate best practice #5 in this section. (Section
>>>> 2.1.2 contained best practice #5).
>>>>
>>>> --Sean
>>>>
>>>> [1] http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-KeyInfo
Received on Tuesday, 7 October 2008 17:01:37 UTC
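
The following Python sketch is an added illustration, not part of the original thread and not code from any implementation discussed in it. It shows the "dereference once, never chain" behaviour debated above: because Type is optional, the check is made on the element actually retrieved rather than on the attribute. The names `resolve_once`, `try_resolve`, `ChainedRetrievalMethod` and the sample document are hypothetical; the sketch assumes same-document URIs resolved through an `Id` attribute, no Transforms, and a local policy of accepting only the section 4.4 Type list quoted in the thread.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
RM = "{%s}RetrievalMethod" % DS
# KeyInfo types the quoted section 4.4 list allocates for the Type attribute.
ALLOWED_TYPES = {DS + n for n in ("DSAKeyValue", "RSAKeyValue", "X509Data",
                                  "PGPData", "SPKIData", "MgmtData")}

# Constructed sample: k1 and k2 point at each other, k3 points at plain key
# material, k5 declares a Type the specification does not define.
SAMPLE = ET.fromstring(
    '<Signature xmlns="%s">'
    '<KeyInfo Id="k1"><RetrievalMethod URI="#k2"/></KeyInfo>'
    '<KeyInfo Id="k2"><RetrievalMethod URI="#k1"/></KeyInfo>'
    '<KeyInfo Id="k3"><RetrievalMethod URI="#k4"/></KeyInfo>'
    '<KeyInfo Id="k4"><KeyName>constructed-key</KeyName></KeyInfo>'
    '<KeyInfo Id="k5"><RetrievalMethod URI="#k4" Type="%sRetrievalMethod"/></KeyInfo>'
    '</Signature>' % (DS, DS))


class ChainedRetrievalMethod(Exception):
    """The dereferenced structure would require a second dereference."""


def resolve_once(doc, retrieval_method):
    """Dereference one same-document RetrievalMethod and never follow another."""
    uri = retrieval_method.get("URI", "")
    if not uri.startswith("#") or retrieval_method.find("{%s}Transforms" % DS) is not None:
        raise ValueError("sketch handles only untransformed same-document URIs")
    rtype = retrieval_method.get("Type")
    if rtype is not None and rtype not in ALLOWED_TYPES:
        raise ValueError("Type is not in the section 4.4 list: " + rtype)
    target = next((e for e in doc.iter() if e.get("Id") == uri[1:]), None)
    if target is None:
        raise LookupError("no element with Id=" + uri[1:])
    # Type is optional, so inspect what was actually retrieved, not the attribute.
    if target.tag == RM or target.find(".//" + RM) is not None:
        raise ChainedRetrievalMethod(uri)
    return target


def try_resolve(key_info_id):
    """Return the retrieved element's Id, or the name of the refusal."""
    key_info = next(e for e in SAMPLE.iter() if e.get("Id") == key_info_id)
    try:
        return resolve_once(SAMPLE, key_info.find(RM)).get("Id")
    except (ChainedRetrievalMethod, ValueError, LookupError) as exc:
        return type(exc).__name__
```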