- From: Scott Cantor <cantor.2@osu.edu>
- Date: Tue, 9 Feb 2010 16:39:51 -0500
- To: "'XMLSec WG Public List'" <public-xmlsec@w3.org>
During the Requirements Workshop that led to the 1.1 effort, some flaws in the schema and their impact on the ds:RetrievalMethod element were discussed. With the inability to change the schema, an alternative approach had to be developed to fix the problems with RetrievalMethod, and the assumption had been that the solution would require changes coming in XML Signature 2.0. After examining the problem and working up a solution, it turns out to be compatible with XML Signature 1.1 as a KeyInfo child element extension, and I believe it should be incorporated into 1.1 before final approval. The addition is small, and low risk.

I propose the following additional section to be added as 4.5.10, and the additional schema content added to the 1.1 extension schema. (We may wish to adjust the warning text in section 4.5.3 about the use of RetrievalMethod to recommend the use of KeyInfoReference in its place, but this is optional.)

------

The KeyInfoReference Element

A KeyInfoReference element within KeyInfo is used to convey a reference to a KeyInfo element at another location in the same or different document. For example, several signatures in a document might use a key verified by an X.509v3 certificate chain appearing once in the document or remotely outside the document; each signature's KeyInfo can reference this chain using a single KeyInfoReference element instead of including the entire chain with a sequence of X509Certificate elements repeated in multiple places.

KeyInfoReference uses the same syntax and dereferencing behavior as Reference's URI (section 4.4.3.1) and the Reference Processing Model (section 4.4.3.2) except that there are no child elements and the presence of the URI attribute is mandatory. The result of dereferencing a KeyInfoReference MUST be a KeyInfo element, or an XML document with a KeyInfo element as the root.

Note: The KeyInfoReference element is a desirable alternative to the use of RetrievalMethod when the data being referred to is a KeyInfo element and the use of RetrievalMethod would require one or more Transform child elements, which introduce security risk and implementation challenges.

Schema Definition

    <!-- targetNamespace="http://www.w3.org/2009/xmldsig11#" -->
    <element name="KeyInfoReference" type="dsig11:KeyInfoReferenceType"/>
    <complexType name="KeyInfoReferenceType">
      <attribute name="URI" type="anyURI" use="required"/>
      <attribute name="Id" type="ID" use="optional"/>
    </complexType>

-- Scott
Received on Tuesday, 9 February 2010 21:40:23 UTC
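The dereferencing rules in the proposal above (URI attribute mandatory, no child elements, and the result MUST be a ds:KeyInfo element or a document whose root is one) as a constructed Python example. This is added here and is not code from the message or from any XML Signature implementation. It assumes the plain `#id` fragment form of the Reference URI syntax, treats an attribute literally named `Id` as the xsd:ID (a schema-aware parser would use its ID table instead), and refuses external URIs unless the caller supplies a fetch function, since retrieving remote key material is a policy decision a verifier should make explicitly. The sample document, including the certificate text, is constructed.

```python
"""Resolve and validate dsig11:KeyInfoReference elements (constructed example)."""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, Optional

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
DSIG11_NS = "http://www.w3.org/2009/xmldsig11#"
KEYINFO_TAG = "{%s}KeyInfo" % DS_NS
SIGNATURE_TAG = "{%s}Signature" % DS_NS
KEYINFOREF_TAG = "{%s}KeyInfoReference" % DSIG11_NS


class KeyInfoReferenceError(ValueError):
    """Raised when a KeyInfoReference breaks one of the proposal's rules."""


def find_by_id(root: ET.Element, id_value: str) -> Optional[ET.Element]:
    # Assumption: the attribute named "Id" carries the xsd:ID value.
    # Duplicate Ids are rejected rather than silently picking the first hit.
    matches = [el for el in root.iter() if el.get("Id") == id_value]
    if len(matches) > 1:
        raise KeyInfoReferenceError("duplicate Id %r in document" % id_value)
    return matches[0] if matches else None


def resolve_key_info_reference(
    ref: ET.Element,
    doc_root: ET.Element,
    fetch: Optional[Callable[[str], bytes]] = None,
) -> ET.Element:
    """Dereference one KeyInfoReference and return the ds:KeyInfo it points to."""
    if ref.tag != KEYINFOREF_TAG:
        raise KeyInfoReferenceError("element is not dsig11:KeyInfoReference")
    if len(ref) != 0:
        raise KeyInfoReferenceError("KeyInfoReference must not have child elements")
    uri = ref.get("URI")
    if uri is None:
        raise KeyInfoReferenceError("URI attribute is required")
    if uri == "":
        # Same-document reference to the whole document: its root must be KeyInfo.
        target = doc_root
    elif uri.startswith("#"):
        target = find_by_id(doc_root, uri[1:])
        if target is None:
            raise KeyInfoReferenceError("no element with Id %r" % uri[1:])
    else:
        if fetch is None:
            raise KeyInfoReferenceError("external reference %r not permitted by policy" % uri)
        # Remote case: the fetched document's root element must be KeyInfo.
        target = ET.fromstring(fetch(uri))
    if target.tag != KEYINFO_TAG:
        raise KeyInfoReferenceError("%r dereferences to %s, not ds:KeyInfo" % (uri, target.tag))
    return target


def check_signature_key_infos(doc_xml: str) -> Dict[str, str]:
    """Map each ds:Signature Id to 'ok:<first KeyInfo child>' or 'rejected'."""
    root = ET.fromstring(doc_xml)
    results = {}
    for sig in root.iter(SIGNATURE_TAG):
        ref = sig.find("./%s/%s" % (KEYINFO_TAG, KEYINFOREF_TAG))
        if ref is None:
            continue  # inline KeyInfo, nothing to dereference
        try:
            key_info = resolve_key_info_reference(ref, root)
            first_child = key_info[0].tag.split("}")[-1] if len(key_info) else "empty"
            results[sig.get("Id")] = "ok:" + first_child
        except KeyInfoReferenceError:
            results[sig.get("Id")] = "rejected"
    return results


# Constructed sample: one shared chain, one good reference, one reference to a
# non-KeyInfo element, and one reference that omits the mandatory URI.
SAMPLE_DOC = """<Envelope xmlns:ds="%s" xmlns:dsig11="%s">
  <ds:KeyInfo Id="SharedKeyInfo">
    <ds:X509Data><ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate></ds:X509Data>
  </ds:KeyInfo>
  <ds:Signature Id="Sig1">
    <ds:KeyInfo><dsig11:KeyInfoReference URI="#SharedKeyInfo"/></ds:KeyInfo>
  </ds:Signature>
  <ds:Signature Id="Sig2">
    <ds:KeyInfo><dsig11:KeyInfoReference URI="#Sig1"/></ds:KeyInfo>
  </ds:Signature>
  <ds:Signature Id="Sig3">
    <ds:KeyInfo><dsig11:KeyInfoReference/></ds:KeyInfo>
  </ds:Signature>
</Envelope>""" % (DS_NS, DSIG11_NS)

if __name__ == "__main__":
    for sig_id, status in check_signature_key_infos(SAMPLE_DOC).items():
        print(sig_id, status)
```

Only Sig1 resolves to the shared X509Data chain; Sig2 points at a Signature rather than a KeyInfo and Sig3 lacks the URI attribute, so both are rejected before any key material is used. Because the reference carries no Transforms, the verifier never has to evaluate caller-supplied XPath or XSLT to reach the key, which is the point of the Note in the proposal.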