Re: Comments on best practices revision from Pratik Datta on 2008-09-02 (public-xmlsec@w3.org from September 2008)

From: Pratik Datta <pratik.datta@oracle.com>
Date: Tue, 02 Sep 2008 15:09:02 -0700
To: Scott Cantor <cantor.2@osu.edu>
CC: public-xmlsec@w3.org
Message-ID: <48BDB97E.2030903@oracle.com>

The best practices document is not limited in scope to the xml signature 
spec only,  it is meant as an advice to people who are using xml 
signatures, and what problems they might face with it.

So although PKIX processing may not be a requirement for the spec, it is 
something that any implementation has to do to verify signatures. In my 
experience users who are new to XML Signatures get so caught up with the 
details of xml signature spec, that they forget basic things like 
certificate chain validation, so we need to remind them of it.

We had a similar issue of whether Cross Site Scripting attacks are in 
scope for the Best Practices document, and we decided to keep it, 
because it does affect XML signature implementations even though it is 
nothing to do with the spec.

My understanding was that a RetrievalMethod needs to point to a child of 
KeyInfo, i.e. to a KeyName, KeyValue, X509Data etc, because 
RetrievalMethod has a Type attribute, which has to be one of X509Data, 
DSAKeyValue, RSAKeyValue etc.

But I understand your comment that the child elements do not allow IDs, 
so it is not possible for a RetrievalMethod to point to child element of 
KeyInfo.  I think this needs more explanation - do we really a transform 
in the retrieval method? What is the purpose of the Type attribute in 
that case?  Transforms in the RetrievalMethod are dangerous, we can't 
recommend it.

Pratik

Scott Cantor wrote:
> Some comments on this revision from April 14th, 2008:
>
> http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/
>
> In section 2.1, I think there are a few cleanups needed, as well as
> motivation for a change to the Signature spec.
>
> There's a statement about RetrievalMethod in which it's suggested that a use
> case for it is to avoid duplicate KeyInfo structures in a document with >1
> signature, but then a follow on statement that "the implementation may
> choose to allow only very constrained RetrievalMethods - e.g. those that do
> not have any transforms, and only one level of indirection using a local
> URI."
>
> This is contradictory because the existing schema is limiting and does not
> allow for RetrievalMethod to point to a certificate without in fact using a
> Transform to get inside the referenced KeyInfo element. This is because only
> KeyInfo carries an XML ID.
>
> Secondly, the following paragraph implies that using X509Certificate in
> KeyInfo implies PKIX processing of the certificate. There is no such
> requirement in the spec. It merely identifies a certificate. What the
> relying party does with it is not dictated by the spec. (As an aside, it's
> also referencing an old PKIX RFC, I think.)
>
> -- Scott
>
>
>
>

Received on Tuesday, 2 September 2008 22:09:42 UTC