Widgets digital signatures, off-list discussion about requirements and algorithms.

Archiving, with permission of all those involved, and with apologies  
for having let this turn into a technical discussion off-list.

Mark's message (the topmost one) includes a number of interesting  
design points, that should be further pursued.

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>





Begin forwarded message:

> From: "Priestley, Mark, VF-Group" <Mark.Priestley@vodafone.com>
> Date: 26 September 2008 15:12:28 CEDT
> To: "Thomas Roessler" <tlr@w3.org>, "Arthur Barstow" <art.barstow@nokia.com 
> >
> Cc: "ext Marcos Caceres" <marcosscaceres@gmail.com>, "Frederick  
> Hirsch" <frederick.hirsch@nokia.com>, "Arve Bersvendsen" <arveb@opera.com 
> >
> Subject: RE: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> Apologies for joining the discussion late.
>
> I'm in agreement with what has been communicated so far. My opinion
> would be that support for SHA-256 for Widgets 1.0 would represent the
> good choice called for by Thomas.
>
> In terms of a good idea of how to change from one algorithm to another
> at a later point in time, IMHO this is not an easy problem to solve.  
> The
> main problem is supporting legacy devices. This will inevitably mean
> that you need to sign all content using both algorithms for the
> migration period, which may be quite some while and will be a real  
> pain.
> During this time you'll also need to be able to tell which algorithms
> the consuming device supports and send it the right content. Being  
> able
> to update the widget engine OTA will help but can't be relied on. (I'm
> sure this is all common knowledge but I thought it was worth repeating
> as it's something that will impact Operators particularly acutely)
>
> My feeling therefore tends to be that it is prudent to mandate support
> more than one algorithm as early as possible (although actually in our
> case I'm starting to think that mandating support for SHA-1 is of  
> little
> value if we are also planning to mandate support of SHA-256) but I'm
> aware that this is not always an attractive proposal from an  
> implementer
> or testers perspective.
>
> Thanks,
>
> Mark
>
>
>
>
> -----Original Message-----
> From: Thomas Roessler [mailto:tlr@w3.org]
> Sent: 25 September 2008 18:44
> To: Arthur Barstow
> Cc: ext Marcos Caceres; Frederick Hirsch; Priestley, Mark, VF-Group;
> Arve Bersvendsen
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital
> Signatures spec
>
> I'm not sure that the requirement I gave is one that would lead to
> changes to the widget requirements spec -- it's more a general design
> principle about using cryptographic algorithms.
>
> The fundamental point is that you need some useful migration story  
> from
> one hash algorithm to another one.  XML Signature has that, since it
> identifies all algorithms by URI.  So, unless you do something on your
> own and just say in the spec "this is the sha-foo hash of the  
> following
> data" without identifying the algorithm in the document, you should be
> fine.
>
> The second point is, again, just the way in which you usually get
> interoperability in a space where you have choices:  Make some good
> choices (maybe just *one* choice) for the purposes of a specific spec,
> and be sure you have an idea how to change that later on.
>
> Hope this clarifies matters,
> --
> Thomas Roessler, W3C  <tlr@w3.org>
>
>
>
> On 25 Sep 2008, at 19:33, Arthur Barstow wrote:
>
>> Good question. Let's see what the domain experts say.
>>
>> My take is:
>>
>> * The first sentence in the current text will need to be updated to
>> reflect req #1 from Thomas.
>>
>> * Regarding Thomas' req #2, perhaps that doesn't need to be an
>> explicit requirement but something we need to address in the spec.
>> It feels too much like a statement about the usage/deployment of XML
>> Signature rather than a high-level req.
>>
>> -AB
>>
>> On Sep 25, 2008, at 10:49 AM, ext Marcos Caceres wrote:
>>
>>> On Thu, Sep 25, 2008 at 3:06 PM, Thomas Roessler <tlr@w3.org> wrote:
>>>> totally, yes.
>>>>
>>>> So there are really two requirements here:
>>>>
>>>> 1. Do not use sha-256 implicitly, anywhere, so you can change
>>>> later on.
>>>> 2. Pick a decent set of algorithms.
>>>>
>>>
>>> Does that means that R43. Support for Multiple Message Digest
>>> Algorithms needs to be changed? it currently reads:
>>>
>>> "A conforming specification MUST recommend that where the integrity
>>> of
>>> data is protected using a message digest, it MUST be possible to use
>>> the SHA-1 message digest algorithm or the SHA-256 message digest
>>> algorithm. Due to known weaknesses in the SHA-1 algorithm and the
>>> expected lifetime of implementations, a conforming specification  
>>> MUST
>>> strongly recommend the use of SHA-256 to ensure that the overall
>>> security of the solution is maintained."
>>>
>>>
>>> -- 
>>> Marcos Caceres
>>> http://datadriven.com.au
>>
>
Begin forwarded message:

> From: Thomas Roessler <tlr@w3.org>
> Date: 25 September 2008 19:43:59 CEDT
> To: Arthur Barstow <art.barstow@nokia.com>
> Cc: ext Marcos Caceres <marcosscaceres@gmail.com>, "Frederick  
> Hirsch" <frederick.hirsch@nokia.com>, "Mark Priestley" <Mark.Priestley@vodafone.com 
> >, "Arve Bersvendsen" <arveb@opera.com>
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> I'm not sure that the requirement I gave is one that would lead to  
> changes to the widget requirements spec -- it's more a general  
> design principle about using cryptographic algorithms.
>
> The fundamental point is that you need some useful migration story  
> from one hash algorithm to another one.  XML Signature has that,  
> since it identifies all algorithms by URI.  So, unless you do  
> something on your own and just say in the spec "this is the sha-foo  
> hash of the following data" without identifying the algorithm in the  
> document, you should be fine.
>
> The second point is, again, just the way in which you usually get  
> interoperability in a space where you have choices:  Make some good  
> choices (maybe just *one* choice) for the purposes of a specific  
> spec, and be sure you have an idea how to change that later on.
>
> Hope this clarifies matters,
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
>
>
>
> On 25 Sep 2008, at 19:33, Arthur Barstow wrote:
>
>> Good question. Let's see what the domain experts say.
>>
>> My take is:
>>
>> * The first sentence in the current text will need to be updated to  
>> reflect req #1 from Thomas.
>>
>> * Regarding Thomas' req #2, perhaps that doesn't need to be an  
>> explicit requirement but something we need to address in the spec.  
>> It feels too much like a statement about the usage/deployment of  
>> XML Signature rather than a high-level req.
>>
>> -AB
>>
>> On Sep 25, 2008, at 10:49 AM, ext Marcos Caceres wrote:
>>
>>> On Thu, Sep 25, 2008 at 3:06 PM, Thomas Roessler <tlr@w3.org> wrote:
>>>> totally, yes.
>>>>
>>>> So there are really two requirements here:
>>>>
>>>> 1. Do not use sha-256 implicitly, anywhere, so you can change  
>>>> later on.
>>>> 2. Pick a decent set of algorithms.
>>>>
>>>
>>> Does that means that R43. Support for Multiple Message Digest
>>> Algorithms needs to be changed? it currently reads:
>>>
>>> "A conforming specification MUST recommend that where the  
>>> integrity of
>>> data is protected using a message digest, it MUST be possible to use
>>> the SHA-1 message digest algorithm or the SHA-256 message digest
>>> algorithm. Due to known weaknesses in the SHA-1 algorithm and the
>>> expected lifetime of implementations, a conforming specification  
>>> MUST
>>> strongly recommend the use of SHA-256 to ensure that the overall
>>> security of the solution is maintained."
>>>
>>>
>>> -- 
>>> Marcos Caceres
>>> http://datadriven.com.au
>>
>
Begin forwarded message:

> From: Arthur Barstow <art.barstow@nokia.com>
> Date: 25 September 2008 19:33:17 CEDT
> To: ext Marcos Caceres <marcosscaceres@gmail.com>
> Cc: "Thomas Roessler" <tlr@w3.org>, "Frederick Hirsch" <frederick.hirsch@nokia.com 
> >, "Mark Priestley" <Mark.Priestley@vodafone.com>, "Arve  
> Bersvendsen" <arveb@opera.com>
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> Good question. Let's see what the domain experts say.
>
> My take is:
>
> * The first sentence in the current text will need to be updated to  
> reflect req #1 from Thomas.
>
> * Regarding Thomas' req #2, perhaps that doesn't need to be an  
> explicit requirement but something we need to address in the spec.  
> It feels too much like a statement about the usage/deployment of XML  
> Signature rather than a high-level req.
>
> -AB
>
> On Sep 25, 2008, at 10:49 AM, ext Marcos Caceres wrote:
>
>> On Thu, Sep 25, 2008 at 3:06 PM, Thomas Roessler <tlr@w3.org> wrote:
>>> totally, yes.
>>>
>>> So there are really two requirements here:
>>>
>>> 1. Do not use sha-256 implicitly, anywhere, so you can change  
>>> later on.
>>> 2. Pick a decent set of algorithms.
>>>
>>
>> Does that means that R43. Support for Multiple Message Digest
>> Algorithms needs to be changed? it currently reads:
>>
>> "A conforming specification MUST recommend that where the integrity  
>> of
>> data is protected using a message digest, it MUST be possible to use
>> the SHA-1 message digest algorithm or the SHA-256 message digest
>> algorithm. Due to known weaknesses in the SHA-1 algorithm and the
>> expected lifetime of implementations, a conforming specification MUST
>> strongly recommend the use of SHA-256 to ensure that the overall
>> security of the solution is maintained."
>>
>>
>> -- 
>> Marcos Caceres
>> http://datadriven.com.au
>
Begin forwarded message:

> From: "Marcos Caceres" <marcosscaceres@gmail.com>
> Date: 25 September 2008 16:49:30 CEDT
> To: "Thomas Roessler" <tlr@w3.org>
> Cc: "Frederick Hirsch" <frederick.hirsch@nokia.com>,  "Arthur  
> Barstow" <art.barstow@nokia.com>,  "Mark Priestley" <Mark.Priestley@vodafone.com 
> >,  "Arve Bersvendsen" <arveb@opera.com>
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> On Thu, Sep 25, 2008 at 3:06 PM, Thomas Roessler <tlr@w3.org> wrote:
>> totally, yes.
>>
>> So there are really two requirements here:
>>
>> 1. Do not use sha-256 implicitly, anywhere, so you can change later  
>> on.
>> 2. Pick a decent set of algorithms.
>>
>
> Does that means that R43. Support for Multiple Message Digest
> Algorithms needs to be changed? it currently reads:
>
> "A conforming specification MUST recommend that where the integrity of
> data is protected using a message digest, it MUST be possible to use
> the SHA-1 message digest algorithm or the SHA-256 message digest
> algorithm. Due to known weaknesses in the SHA-1 algorithm and the
> expected lifetime of implementations, a conforming specification MUST
> strongly recommend the use of SHA-256 to ensure that the overall
> security of the solution is maintained."
>
>
> -- 
> Marcos Caceres
> http://datadriven.com.au
>
Begin forwarded message:

> From: Frederick Hirsch <frederick.hirsch@nokia.com>
> Date: 25 September 2008 16:07:28 CEDT
> To: "ext Thomas Roessler" <tlr@w3.org>
> Cc: Arthur Barstow <art.barstow@nokia.com>, Marcos Caceres <m.caceres@qut.edu.au 
> >, Mark Priestley <Mark.Priestley@vodafone.com>, Arve Bersvendsen <arveb@opera.com 
> >
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> +1
> and maybe picking one algorithm now is simple and the way to go, but  
> in future a new edition might change the algs
>
> (e.g. someone is going to have to think about versioning, as usual.)
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
>
> On Sep 25, 2008, at 10:06 AM, ext Thomas Roessler wrote:
>
>> totally, yes.
>>
>> So there are really two requirements here:
>>
>> 1. Do not use sha-256 implicitly, anywhere, so you can change later  
>> on.
>> 2. Pick a decent set of algorithms.
>>
>> -- Thomas Roessler, W3C  <tlr@w3.org>
>>
>>
>>
>> On 25 Sep 2008, at 16:03, Frederick Hirsch wrote:
>>
>>> indeed, but the SHA-1 risk is not the last risk we will ever see...
>>>
>>> regards, Frederick
>>>
>>> Frederick Hirsch
>>> Nokia
>>>
>>>
>>>
>>> On Sep 25, 2008, at 9:56 AM, ext Thomas Roessler wrote:
>>>
>>>> Frederick,
>>>>
>>>> to your first point, they'll need to agree on some set of  
>>>> algorithms to get interoperability for widgets, as a platform.
>>>>
>>>> Regards,
>>>> -- 
>>>> Thomas Roessler, W3C  <tlr@w3.org>
>>>>
>>>>
>>>>
>>>> On 25 Sep 2008, at 15:52, Frederick Hirsch wrote:
>>>>
>>>>> one question I have is the following:
>>>>>
>>>>> XML Signature makes an effort to allow the specification of  
>>>>> algorithm with the data, thus allowing it to be self-specifying  
>>>>> and modifiable. Why do you feel a requirement to limit to a  
>>>>> single algorithm? What happens if you select RSA-SHA256 and then  
>>>>> a need is seen for SHA-512 or an alternative to RSA due to some  
>>>>> new attack or weakness?
>>>>>
>>>>> Why not leverage the flexibility of XML Signature to allow  
>>>>> different algorithms, along lines of Receiver MUST support RSA- 
>>>>> SHA1, RSA-SHA256 "or better" and Sender MUST support RSA-SHA256  
>>>>> etc But perhaps I am anticipating WG discussion.
>>>>>
>>>>> Draft looks good, maybe
>>>>>
>>>>> s/Anyhow, d/D/
>>>>> #2 s/do/should
>>>>>
>>>>> Perhaps add #4, is there sense is supporting more than one  
>>>>> algorithm?
>>>>>
>>>>>
>>>>> regards, Frederick
>>>>>
>>>>> Frederick Hirsch
>>>>> Nokia
>>>>>
>>>>>
>>>>>
>>>>> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote:
>>>>>
>>>>>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22.
>>>>>>
>>>>>> Is this OK? If not, please send suggested changes that will  
>>>>>> make it OK.
>>>>>>
>>>>>> FYI, I discussed this impending e-mail with Frederick and he  
>>>>>> was agreeable to me including him on this Draft email.
>>>>>>
>>>>>> -Thanks, Art
>>>>>>
>>>>>>
>>>>>> === START DRAFT
>>>>>>
>>>>>> To: public-xmlsec@w3.org
>>>>>> Cc: public-webapps@w3.org
>>>>>> Subject: Seeking feedback regarding Widgets Digital Signatures  
>>>>>> spec
>>>>>>
>>>>>> Frederick, All,
>>>>>>
>>>>>> As you may know, the Web Applications WG [WebApps] is working  
>>>>>> on a Digital Signature specification for "Widgets" (see  
>>>>>> [Widgets] for a definition of Widget in this context).
>>>>>>
>>>>>> The FPWD of our Digital Signature spec is at [DigSig-TR] and  
>>>>>> the latest Editor's Draft is available at [DigSig-ED].
>>>>>>
>>>>>> Anyhow, during our August f2f meeting, we discussed what we  
>>>>>> call Issue #22 - "Is sha1 as a DigestMethod strong enough for  
>>>>>> Widgets digital signatures?" [Issue-22]. At then end of this  
>>>>>> discussion [Issue-22-Discuss] I agreed to the following action:
>>>>>>
>>>>>> [[
>>>>>> Ask the XML Sec WG "what algorithm do you recommend we use and  
>>>>>> what identifier should we use for it?
>>>>>> ]]
>>>>>>
>>>>>> Our questions are:
>>>>>>
>>>>>> 1. What (if any) issues do you foresee if we require support  
>>>>>> for SHA-256 (rather than SHA-1)?
>>>>>>
>>>>>> 2. What algorithm do we use?
>>>>>>
>>>>>> 3. What identifier do we use for the algorithm?
>>>>>>
>>>>>> -Regards, Art Barstow
>>>>>> Co-Chair of the WebApps WG
>>>>>>
>>>>>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
>>>>>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
>>>>>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
>>>>>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
>>>>>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
>>>>>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
Begin forwarded message:

> From: Thomas Roessler <tlr@w3.org>
> Date: 25 September 2008 16:06:09 CEDT
> To: Frederick Hirsch <frederick.hirsch@nokia.com>
> Cc: Arthur Barstow <art.barstow@nokia.com>, Marcos Caceres <m.caceres@qut.edu.au 
> >, Mark Priestley <Mark.Priestley@vodafone.com>, Arve Bersvendsen <arveb@opera.com 
> >
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> totally, yes.
>
> So there are really two requirements here:
>
> 1. Do not use sha-256 implicitly, anywhere, so you can change later  
> on.
> 2. Pick a decent set of algorithms.
>
> -- Thomas Roessler, W3C  <tlr@w3.org>
>
>
>
> On 25 Sep 2008, at 16:03, Frederick Hirsch wrote:
>
>> indeed, but the SHA-1 risk is not the last risk we will ever see...
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>> On Sep 25, 2008, at 9:56 AM, ext Thomas Roessler wrote:
>>
>>> Frederick,
>>>
>>> to your first point, they'll need to agree on some set of  
>>> algorithms to get interoperability for widgets, as a platform.
>>>
>>> Regards,
>>> -- 
>>> Thomas Roessler, W3C  <tlr@w3.org>
>>>
>>>
>>>
>>> On 25 Sep 2008, at 15:52, Frederick Hirsch wrote:
>>>
>>>> one question I have is the following:
>>>>
>>>> XML Signature makes an effort to allow the specification of  
>>>> algorithm with the data, thus allowing it to be self-specifying  
>>>> and modifiable. Why do you feel a requirement to limit to a  
>>>> single algorithm? What happens if you select RSA-SHA256 and then  
>>>> a need is seen for SHA-512 or an alternative to RSA due to some  
>>>> new attack or weakness?
>>>>
>>>> Why not leverage the flexibility of XML Signature to allow  
>>>> different algorithms, along lines of Receiver MUST support RSA- 
>>>> SHA1, RSA-SHA256 "or better" and Sender MUST support RSA-SHA256  
>>>> etc But perhaps I am anticipating WG discussion.
>>>>
>>>> Draft looks good, maybe
>>>>
>>>> s/Anyhow, d/D/
>>>> #2 s/do/should
>>>>
>>>> Perhaps add #4, is there sense is supporting more than one  
>>>> algorithm?
>>>>
>>>>
>>>> regards, Frederick
>>>>
>>>> Frederick Hirsch
>>>> Nokia
>>>>
>>>>
>>>>
>>>> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote:
>>>>
>>>>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22.
>>>>>
>>>>> Is this OK? If not, please send suggested changes that will make  
>>>>> it OK.
>>>>>
>>>>> FYI, I discussed this impending e-mail with Frederick and he was  
>>>>> agreeable to me including him on this Draft email.
>>>>>
>>>>> -Thanks, Art
>>>>>
>>>>>
>>>>> === START DRAFT
>>>>>
>>>>> To: public-xmlsec@w3.org
>>>>> Cc: public-webapps@w3.org
>>>>> Subject: Seeking feedback regarding Widgets Digital Signatures  
>>>>> spec
>>>>>
>>>>> Frederick, All,
>>>>>
>>>>> As you may know, the Web Applications WG [WebApps] is working on  
>>>>> a Digital Signature specification for "Widgets" (see [Widgets]  
>>>>> for a definition of Widget in this context).
>>>>>
>>>>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
>>>>> latest Editor's Draft is available at [DigSig-ED].
>>>>>
>>>>> Anyhow, during our August f2f meeting, we discussed what we call  
>>>>> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets  
>>>>> digital signatures?" [Issue-22]. At then end of this discussion  
>>>>> [Issue-22-Discuss] I agreed to the following action:
>>>>>
>>>>> [[
>>>>> Ask the XML Sec WG "what algorithm do you recommend we use and  
>>>>> what identifier should we use for it?
>>>>> ]]
>>>>>
>>>>> Our questions are:
>>>>>
>>>>> 1. What (if any) issues do you foresee if we require support for  
>>>>> SHA-256 (rather than SHA-1)?
>>>>>
>>>>> 2. What algorithm do we use?
>>>>>
>>>>> 3. What identifier do we use for the algorithm?
>>>>>
>>>>> -Regards, Art Barstow
>>>>> Co-Chair of the WebApps WG
>>>>>
>>>>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
>>>>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
>>>>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
>>>>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
>>>>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
>>>>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
Begin forwarded message:

> From: Frederick Hirsch <frederick.hirsch@nokia.com>
> Date: 25 September 2008 16:03:27 CEDT
> To: "ext Thomas Roessler" <tlr@w3.org>
> Cc: Arthur Barstow <art.barstow@nokia.com>, Marcos Caceres <m.caceres@qut.edu.au 
> >, Mark Priestley <Mark.Priestley@vodafone.com>, Arve Bersvendsen <arveb@opera.com 
> >
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> indeed, but the SHA-1 risk is not the last risk we will ever see...
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
>
> On Sep 25, 2008, at 9:56 AM, ext Thomas Roessler wrote:
>
>> Frederick,
>>
>> to your first point, they'll need to agree on some set of  
>> algorithms to get interoperability for widgets, as a platform.
>>
>> Regards,
>> -- 
>> Thomas Roessler, W3C  <tlr@w3.org>
>>
>>
>>
>> On 25 Sep 2008, at 15:52, Frederick Hirsch wrote:
>>
>>> one question I have is the following:
>>>
>>> XML Signature makes an effort to allow the specification of  
>>> algorithm with the data, thus allowing it to be self-specifying  
>>> and modifiable. Why do you feel a requirement to limit to a single  
>>> algorithm? What happens if you select RSA-SHA256 and then a need  
>>> is seen for SHA-512 or an alternative to RSA due to some new  
>>> attack or weakness?
>>>
>>> Why not leverage the flexibility of XML Signature to allow  
>>> different algorithms, along lines of Receiver MUST support RSA- 
>>> SHA1, RSA-SHA256 "or better" and Sender MUST support RSA-SHA256  
>>> etc But perhaps I am anticipating WG discussion.
>>>
>>> Draft looks good, maybe
>>>
>>> s/Anyhow, d/D/
>>> #2 s/do/should
>>>
>>> Perhaps add #4, is there sense is supporting more than one  
>>> algorithm?
>>>
>>>
>>> regards, Frederick
>>>
>>> Frederick Hirsch
>>> Nokia
>>>
>>>
>>>
>>> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote:
>>>
>>>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22.
>>>>
>>>> Is this OK? If not, please send suggested changes that will make  
>>>> it OK.
>>>>
>>>> FYI, I discussed this impending e-mail with Frederick and he was  
>>>> agreeable to me including him on this Draft email.
>>>>
>>>> -Thanks, Art
>>>>
>>>>
>>>> === START DRAFT
>>>>
>>>> To: public-xmlsec@w3.org
>>>> Cc: public-webapps@w3.org
>>>> Subject: Seeking feedback regarding Widgets Digital Signatures spec
>>>>
>>>> Frederick, All,
>>>>
>>>> As you may know, the Web Applications WG [WebApps] is working on  
>>>> a Digital Signature specification for "Widgets" (see [Widgets]  
>>>> for a definition of Widget in this context).
>>>>
>>>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
>>>> latest Editor's Draft is available at [DigSig-ED].
>>>>
>>>> Anyhow, during our August f2f meeting, we discussed what we call  
>>>> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets  
>>>> digital signatures?" [Issue-22]. At then end of this discussion  
>>>> [Issue-22-Discuss] I agreed to the following action:
>>>>
>>>> [[
>>>> Ask the XML Sec WG "what algorithm do you recommend we use and  
>>>> what identifier should we use for it?
>>>> ]]
>>>>
>>>> Our questions are:
>>>>
>>>> 1. What (if any) issues do you foresee if we require support for  
>>>> SHA-256 (rather than SHA-1)?
>>>>
>>>> 2. What algorithm do we use?
>>>>
>>>> 3. What identifier do we use for the algorithm?
>>>>
>>>> -Regards, Art Barstow
>>>> Co-Chair of the WebApps WG
>>>>
>>>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
>>>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
>>>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
>>>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
>>>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
>>>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 
>>>> >
>>>>
>>>>
>>>>
>>>
>>
>
Begin forwarded message:

> From: Thomas Roessler <tlr@w3.org>
> Date: 25 September 2008 15:56:53 CEDT
> To: Frederick Hirsch <frederick.hirsch@nokia.com>
> Cc: Arthur Barstow <art.barstow@nokia.com>, Marcos Caceres <m.caceres@qut.edu.au 
> >, Mark Priestley <Mark.Priestley@vodafone.com>, Arve Bersvendsen <arveb@opera.com 
> >
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> Frederick,
>
> to your first point, they'll need to agree on some set of algorithms  
> to get interoperability for widgets, as a platform.
>
> Regards,
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
>
>
>
> On 25 Sep 2008, at 15:52, Frederick Hirsch wrote:
>
>> one question I have is the following:
>>
>> XML Signature makes an effort to allow the specification of  
>> algorithm with the data, thus allowing it to be self-specifying and  
>> modifiable. Why do you feel a requirement to limit to a single  
>> algorithm? What happens if you select RSA-SHA256 and then a need is  
>> seen for SHA-512 or an alternative to RSA due to some new attack or  
>> weakness?
>>
>> Why not leverage the flexibility of XML Signature to allow  
>> different algorithms, along lines of Receiver MUST support RSA- 
>> SHA1, RSA-SHA256 "or better" and Sender MUST support RSA-SHA256 etc  
>> But perhaps I am anticipating WG discussion.
>>
>> Draft looks good, maybe
>>
>> s/Anyhow, d/D/
>> #2 s/do/should
>>
>> Perhaps add #4, is there sense is supporting more than one algorithm?
>>
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote:
>>
>>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22.
>>>
>>> Is this OK? If not, please send suggested changes that will make  
>>> it OK.
>>>
>>> FYI, I discussed this impending e-mail with Frederick and he was  
>>> agreeable to me including him on this Draft email.
>>>
>>> -Thanks, Art
>>>
>>>
>>> === START DRAFT
>>>
>>> To: public-xmlsec@w3.org
>>> Cc: public-webapps@w3.org
>>> Subject: Seeking feedback regarding Widgets Digital Signatures spec
>>>
>>> Frederick, All,
>>>
>>> As you may know, the Web Applications WG [WebApps] is working on a  
>>> Digital Signature specification for "Widgets" (see [Widgets] for a  
>>> definition of Widget in this context).
>>>
>>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
>>> latest Editor's Draft is available at [DigSig-ED].
>>>
>>> Anyhow, during our August f2f meeting, we discussed what we call  
>>> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets  
>>> digital signatures?" [Issue-22]. At then end of this discussion  
>>> [Issue-22-Discuss] I agreed to the following action:
>>>
>>> [[
>>> Ask the XML Sec WG "what algorithm do you recommend we use and  
>>> what identifier should we use for it?
>>> ]]
>>>
>>> Our questions are:
>>>
>>> 1. What (if any) issues do you foresee if we require support for  
>>> SHA-256 (rather than SHA-1)?
>>>
>>> 2. What algorithm do we use?
>>>
>>> 3. What identifier do we use for the algorithm?
>>>
>>> -Regards, Art Barstow
>>> Co-Chair of the WebApps WG
>>>
>>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
>>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
>>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
>>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
>>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
>>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 
>>> >
>>>
>>>
>>>
>>
>
Begin forwarded message:

> From: "Marcos Caceres" <marcosscaceres@gmail.com>
> Date: 25 September 2008 15:53:38 CEDT
> To: "Arthur Barstow" <art.barstow@nokia.com>
> Cc: "Thomas Roessler" <tlr@w3.org>,  "Mark Priestley" <Mark.Priestley@vodafone.com 
> >,  "Arve Bersvendsen" <arveb@opera.com>,  "Frederick Hirsch" <frederick.hirsch@nokia.com 
> >
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> Sounds fine to me too.
>
> On Thu, Sep 25, 2008 at 2:44 PM, Arthur Barstow  
> <art.barstow@nokia.com> wrote:
>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22.
>>
>> Is this OK? If not, please send suggested changes that will make it  
>> OK.
>>
>> FYI, I discussed this impending e-mail with Frederick and he was  
>> agreeable
>> to me including him on this Draft email.
>>
>> -Thanks, Art
>>
>>
>> === START DRAFT
>>
>> To: public-xmlsec@w3.org
>> Cc: public-webapps@w3.org
>> Subject: Seeking feedback regarding Widgets Digital Signatures spec
>>
>> Frederick, All,
>>
>> As you may know, the Web Applications WG [WebApps] is working on a  
>> Digital
>> Signature specification for "Widgets" (see [Widgets] for a  
>> definition of
>> Widget in this context).
>>
>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
>> latest
>> Editor's Draft is available at [DigSig-ED].
>>
>> Anyhow, during our August f2f meeting, we discussed what we call  
>> Issue #22 -
>> "Is sha1 as a DigestMethod strong enough for Widgets digital  
>> signatures?"
>> [Issue-22]. At then end of this discussion [Issue-22-Discuss] I  
>> agreed to
>> the following action:
>>
>> [[
>> Ask the XML Sec WG "what algorithm do you recommend we use and what
>> identifier should we use for it?
>> ]]
>>
>> Our questions are:
>>
>> 1. What (if any) issues do you foresee if we require support for  
>> SHA-256
>> (rather than SHA-1)?
>>
>> 2. What algorithm do we use?
>>
>> 3. What identifier do we use for the algorithm?
>>
>> -Regards, Art Barstow
>> Co-Chair of the WebApps WG
>>
>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 
>> >
>>
>>
>>
>>
>
>
>
> -- 
> Marcos Caceres
> http://datadriven.com.au
>
Begin forwarded message:

> From: Frederick Hirsch <frederick.hirsch@nokia.com>
> Date: 25 September 2008 15:52:41 CEDT
> To: Arthur Barstow <art.barstow@nokia.com>
> Cc: Marcos Caceres <m.caceres@qut.edu.au>, Thomas Roessler  
> <tlr@w3.org>, Mark Priestley <Mark.Priestley@vodafone.com>, Arve  
> Bersvendsen <arveb@opera.com>
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> one question I have is the following:
>
> XML Signature makes an effort to allow the specification of  
> algorithm with the data, thus allowing it to be self-specifying and  
> modifiable. Why do you feel a requirement to limit to a single  
> algorithm? What happens if you select RSA-SHA256 and then a need is  
> seen for SHA-512 or an alternative to RSA due to some new attack or  
> weakness?
>
> Why not leverage the flexibility of XML Signature to allow different  
> algorithms, along lines of Receiver MUST support RSA-SHA1, RSA- 
> SHA256 "or better" and Sender MUST support RSA-SHA256 etc But  
> perhaps I am anticipating WG discussion.
>
> Draft looks good, maybe
>
> s/Anyhow, d/D/
> #2 s/do/should
>
> Perhaps add #4, is there sense is supporting more than one algorithm?
>
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
>
> On Sep 25, 2008, at 9:44 AM, Arthur Barstow wrote:
>
>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22.
>>
>> Is this OK? If not, please send suggested changes that will make it  
>> OK.
>>
>> FYI, I discussed this impending e-mail with Frederick and he was  
>> agreeable to me including him on this Draft email.
>>
>> -Thanks, Art
>>
>>
>> === START DRAFT
>>
>> To: public-xmlsec@w3.org
>> Cc: public-webapps@w3.org
>> Subject: Seeking feedback regarding Widgets Digital Signatures spec
>>
>> Frederick, All,
>>
>> As you may know, the Web Applications WG [WebApps] is working on a  
>> Digital Signature specification for "Widgets" (see [Widgets] for a  
>> definition of Widget in this context).
>>
>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
>> latest Editor's Draft is available at [DigSig-ED].
>>
>> Anyhow, during our August f2f meeting, we discussed what we call  
>> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets  
>> digital signatures?" [Issue-22]. At then end of this discussion  
>> [Issue-22-Discuss] I agreed to the following action:
>>
>> [[
>> Ask the XML Sec WG "what algorithm do you recommend we use and what  
>> identifier should we use for it?
>> ]]
>>
>> Our questions are:
>>
>> 1. What (if any) issues do you foresee if we require support for  
>> SHA-256 (rather than SHA-1)?
>>
>> 2. What algorithm do we use?
>>
>> 3. What identifier do we use for the algorithm?
>>
>> -Regards, Art Barstow
>> Co-Chair of the WebApps WG
>>
>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 
>> >
>>
>>
>>
>
Begin forwarded message:

> From: Thomas Roessler <tlr@w3.org>
> Date: 25 September 2008 15:52:02 CEDT
> To: Arthur Barstow <art.barstow@nokia.com>
> Cc: Marcos Caceres <m.caceres@qut.edu.au>, Mark Priestley <Mark.Priestley@vodafone.com 
> >, Arve Bersvendsen <arveb@opera.com>, Frederick Hirsch <frederick.hirsch@nokia.com 
> >
> Subject: Re: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> fine with me
> -- Thomas Roessler, W3C  <tlr@w3.org>
>
>
>
> On 25 Sep 2008, at 15:44, Arthur Barstow wrote:
>
>> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22.
>>
>> Is this OK? If not, please send suggested changes that will make it  
>> OK.
>>
>> FYI, I discussed this impending e-mail with Frederick and he was  
>> agreeable to me including him on this Draft email.
>>
>> -Thanks, Art
>>
>>
>> === START DRAFT
>>
>> To: public-xmlsec@w3.org
>> Cc: public-webapps@w3.org
>> Subject: Seeking feedback regarding Widgets Digital Signatures spec
>>
>> Frederick, All,
>>
>> As you may know, the Web Applications WG [WebApps] is working on a  
>> Digital Signature specification for "Widgets" (see [Widgets] for a  
>> definition of Widget in this context).
>>
>> The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
>> latest Editor's Draft is available at [DigSig-ED].
>>
>> Anyhow, during our August f2f meeting, we discussed what we call  
>> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets  
>> digital signatures?" [Issue-22]. At then end of this discussion  
>> [Issue-22-Discuss] I agreed to the following action:
>>
>> [[
>> Ask the XML Sec WG "what algorithm do you recommend we use and what  
>> identifier should we use for it?
>> ]]
>>
>> Our questions are:
>>
>> 1. What (if any) issues do you foresee if we require support for  
>> SHA-256 (rather than SHA-1)?
>>
>> 2. What algorithm do we use?
>>
>> 3. What identifier do we use for the algorithm?
>>
>> -Regards, Art Barstow
>> Co-Chair of the WebApps WG
>>
>> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
>> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
>> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
>> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
>> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
>> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 
>> >
>>
>>
>>
>
Begin forwarded message:

> From: Arthur Barstow <art.barstow@nokia.com>
> Date: 25 September 2008 15:44:07 CEDT
> To: Marcos Caceres <m.caceres@qut.edu.au>, Thomas Roessler  
> <tlr@w3.org>, Mark Priestley <Mark.Priestley@vodafone.com>, Arve  
> Bersvendsen <arveb@opera.com>
> Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
> Subject: DRAFT: Seeking feedback regarding Widgets Digital  
> Signatures spec
>
> Below is my DRAFT e-mail to the XML Sec WG regarding Issue #22.
>
> Is this OK? If not, please send suggested changes that will make it  
> OK.
>
> FYI, I discussed this impending e-mail with Frederick and he was  
> agreeable to me including him on this Draft email.
>
> -Thanks, Art
>
>
> === START DRAFT
>
> To: public-xmlsec@w3.org
> Cc: public-webapps@w3.org
> Subject: Seeking feedback regarding Widgets Digital Signatures spec
>
> Frederick, All,
>
> As you may know, the Web Applications WG [WebApps] is working on a  
> Digital Signature specification for "Widgets" (see [Widgets] for a  
> definition of Widget in this context).
>
> The FPWD of our Digital Signature spec is at [DigSig-TR] and the  
> latest Editor's Draft is available at [DigSig-ED].
>
> Anyhow, during our August f2f meeting, we discussed what we call  
> Issue #22 - "Is sha1 as a DigestMethod strong enough for Widgets  
> digital signatures?" [Issue-22]. At then end of this discussion  
> [Issue-22-Discuss] I agreed to the following action:
>
> [[
> Ask the XML Sec WG "what algorithm do you recommend we use and what  
> identifier should we use for it?
> ]]
>
> Our questions are:
>
> 1. What (if any) issues do you foresee if we require support for  
> SHA-256 (rather than SHA-1)?
>
> 2. What algorithm do we use?
>
> 3. What identifier do we use for the algorithm?
>
> -Regards, Art Barstow
> Co-Chair of the WebApps WG
>
> [WebApps] <http://www.w3.org/2008/webapps/wiki/Main_Page>
> [Widgets] <http://www.w3.org/TR/widgets-reqs/#introduction>
> [DigSig-TR] <http://www.w3.org/TR/widgets-digsig/>
> [DigSig-ED] <http://dev.w3.org/2006/waf/widgets-digsig/>
> [Issue-22] <http://www.w3.org/2008/webapps/track/issues/22>
> [Issue-22-Discuss] <http://www.w3.org/2008/08/27-wam-minutes.html#item07 
> >
>
>
>

Received on Friday, 26 September 2008 15:50:48 UTC