- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Tue, 11 May 2010 13:39:55 -0400
- To: ext Thomas Roessler <tlr@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
+1 to this proposed change to the best practices document http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#avoid-default-schema-values

regards, Frederick

Frederick Hirsch
Nokia

On May 11, 2010, at 11:07 AM, ext Thomas Roessler wrote:

> Here's a text suggestion around external unparsed entities:
>
>> Resolving external unparsed entity references can imply network
>> access and can in certain circumstances be a security concern for
>> signature verifiers. As a policy decision, signature verifiers may
>> choose not to resolve such entities, leading to a loss of
>> interoperability.
>>
>> Best practice for signers:
>>
>> Do not transmit unparsed external entity references in signed
>> material. Expand all entity references before creating the
>> cleartext that is transmitted.
>
> Here's a suggestion around schema, replacing 2.7 and 2.8:
>
>> Part of the validation process defined by XML Schema includes the
>> "normalization" of lexical values in a document into a "schema
>> normalized value" that allows schema type validation to occur
>> against a predictable form.
>>
>> Some implementations of validating parsers, particularly early ones,
>> often modified DOM information "in place" when performing this
>> process. Unless the signer also performed a similar validation
>> process on the input document, verification is likely to fail.
>> Newer validating parsers generally include an option to disable
>> type normalization, or take steps to avoid modifying the DOM,
>> usually by storing normalized values internally alongside the
>> original data.
>>
>> Verifiers should be aware of the effects of their chosen parser and
>> adjust the order of operations or parser options accordingly.
>> Signers might also choose to operate on the normalized form of an
>> XML instance when possible.
>>
>> Additionally, validating processors will add default values taken
>> from an XML schema to the DOM of an XML instance.
>>
>> Best practice for signers:
>>
>> Do not rely on a validating processor on the consumer's end to
>> normalize the XML document. Instead, explicitly include default
>> attribute values, and use normalized attributes when possible.
>>
>> Best practice for verifiers:
>>
>> Applications relying on validation should either consider verifying
>> signatures before schema validation, or select implementations that
>> can avoid destructive DOM changes while validating.
>
> (That concludes my action; comments more than welcome.)
> --
> Thomas Roessler, W3C <tlr@w3.org> (@roessler)
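The two failure modes in the proposed text (a default-applying processor adding attribute values the signer never serialized, and unparsed external entity declarations in signed material) can be reproduced with nothing more than Python's bundled expat parser. The following is an added example, not part of this thread or of the best-practices draft: it uses a deliberately simplified serialization (sorted attributes, text as-is) rather than a real XML-DSIG canonicalization, and all sample documents are constructed here. Toggling expat's `specified_attributes` stands in for "a parser that applies DTD attribute defaults" versus "one that does not", and `EntityDeclHandler` is used to flag `NDATA` (unparsed) entity declarations so a verifier can apply the "do not resolve" policy before any network access happens.

```python
import hashlib
import xml.parsers.expat

# Constructed sample: the internal subset declares a default for payload/@mode.
# A default-applying processor will add mode="strict" that the signer never wrote.
DOC_WITHOUT_DEFAULT = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!ATTLIST payload mode CDATA "strict">
]>
<order><payload>42</payload></order>"""

# Same document following the signer best practice: the default is written out.
DOC_WITH_EXPLICIT_VALUE = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!ATTLIST payload mode CDATA "strict">
]>
<order><payload mode="strict">42</payload></order>"""

# Constructed sample carrying an unparsed external entity reference.
DOC_WITH_UNPARSED_ENTITY = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!NOTATION png SYSTEM "image/png">
  <!ENTITY logo SYSTEM "logo.png" NDATA png>
  <!ATTLIST order logo ENTITY #IMPLIED>
]>
<order logo="logo"><payload>42</payload></order>"""


def serialize(xml_text, apply_defaults):
    """Toy canonical form: start tags with name-sorted attributes, text unchanged.
    This is NOT XML-DSIG canonicalization; it only makes digest drift visible."""
    parts = []
    parser = xml.parsers.expat.ParserCreate()
    # specified_attributes=1: report only attributes present in the instance.
    # specified_attributes=0: also report attributes derived from ATTLIST defaults,
    # which models a processor that adds default values into the DOM.
    parser.specified_attributes = 0 if apply_defaults else 1
    parser.ordered_attributes = 1  # attributes arrive as a flat [name, value, ...] list

    def start(name, attrs):
        pairs = sorted(zip(attrs[0::2], attrs[1::2]))
        parts.append("<%s%s>" % (name, "".join(' %s="%s"' % kv for kv in pairs)))

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: parts.append("</%s>" % name)
    parser.CharacterDataHandler = parts.append
    parser.Parse(xml_text, True)
    return "".join(parts)


def digest(xml_text, apply_defaults):
    return hashlib.sha256(serialize(xml_text, apply_defaults).encode("utf-8")).hexdigest()


def signer_and_verifier_agree(xml_text):
    """Signer digested the instance as written; verifier digests after a
    default-applying processor touched the DOM. True only if the digests match."""
    return digest(xml_text, apply_defaults=False) == digest(xml_text, apply_defaults=True)


def has_unparsed_entities(xml_text):
    """Verifier-side policy check: True if the DTD declares any unparsed (NDATA)
    entity. expat reports a non-None notation name exactly for those declarations."""
    found = []

    def entity_decl(name, is_param, value, base, system_id, public_id, notation_name):
        if notation_name is not None:
            found.append((name, system_id))

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = entity_decl
    parser.Parse(xml_text, True)
    return bool(found)


if __name__ == "__main__":
    print("default left implicit, digests agree:", signer_and_verifier_agree(DOC_WITHOUT_DEFAULT))
    print("default written out, digests agree:  ", signer_and_verifier_agree(DOC_WITH_EXPLICIT_VALUE))
    print("unparsed entity declared:             ", has_unparsed_entities(DOC_WITH_UNPARSED_ENTITY))
```

Running it shows the first document's digest changing as soon as defaults are applied, while the document that spells the value out digests identically either way, which is the practical content of "explicitly include default attribute values". The entity check is the verifier-side counterpart of the first suggestion: rejecting or flagging such documents up front is how "choose not to resolve such entities" is enforced without ever touching the referenced system identifier.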
Received on Tuesday, 11 May 2010 17:41:08 UTC