Re: Review of the 2010 August 26 draft of Magic Signatures

A couple of more general comments (I emphasize these are my opinions,
not necessarily those of the XML Signature WG)...


Comparison With XML Signature
-----------------------------
The Magic Signatures specification alludes to drawbacks of using XML
Signature in certain applications. Though it is understandable that one
would want to state the raison d'être for creating a new digital signature
specification, I recommend an approach that allows designers to select
which approach (Magic Signatures or XML Signature) might be most
suitable for their applications. Such wording might go like this:

>>>
XML Signature includes XML-aware capabilities that enable XML instances
to be signed without base64-encoding or otherwise obfuscating or
significantly altering the original XML instance. This can be useful
when XML data needs to be signed but remain intact for downstream
processing before signature validation or the removal of the XML
Signature. In contrast, Magic Signatures base64-encode the data they
sign, including XML data.

The minimalist approach to Magic Signatures allows them to be serialized
into a variety of data formats; XML Signature, in contrast, must be in
the form of an XML instance at signing time and at signature
validation.

In addition, XML Signature includes features that allow for multiple
data objects to be signed in one signature, transforms to select which
parts of those data objects are signed, and other capabilities. Use of
these advanced features naturally entails additional complexity for
application designers and coders. Magic Signatures are a complementary
approach for applications that do not need those capabilities of XML
Signature.
<<<


Magic Signature Structural Validation
-------------------------------------
I find it to be a contradiction, including in RFC 4287 (Atom), to state
in a specification that XML instances must have a certain data structure
(these elements, these attributes, etc.) and then say no structural
validation, as one would do with some kind of XML schema (DTD, XML
Schema, Relax NG, etc.), is required. Why have requirements that must be
executed by machines in human-only language when it is quite simple to
have those requirements expressed in a machine-readable language?

I can understand the specification not requiring a separate
schema-validation step, but that does not exclude the specification from
defining some kind of XML schema (my personal preference is for RELAX
NG) for those processors that would like to validate the structure of
XML instances. Frankly, for security-critical applications (such as
digital signing), I consider data structure validation critical for
helping prevent attacks. That data structure validation must be done
using a normative machine-readable schema.


Ed
-- 
========================================
Ed Simon, XMLsec Inc.
613-726-9645
edsimon@xmlsec.com

Received on Tuesday, 21 September 2010 17:31:35 UTC
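As an added illustration of the structural-validation point above (this is not code from Ed's message nor from the Magic Signatures draft), here is a small stdlib-only validator that checks a signature envelope against a machine-readable structure description before any signature processing happens. The namespace and element names are my assumption about the draft's envelope vocabulary, and both sample instances are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed envelope vocabulary (namespace and element names as I recall them from
# the Magic Signatures draft; an assumption, not quoted from the message above).
NS = "http://salmon-protocol.org/ns/magic-env"

# A tiny machine-readable schema: for each element, its permitted child
# elements with (min, max) occurrence, and its permitted attributes.
SCHEMA = {
    "env":      ({"data": (1, 1), "encoding": (1, 1), "alg": (1, 1), "sig": (1, 1)}, set()),
    "data":     ({}, {"type"}),
    "encoding": ({}, set()),
    "alg":      ({}, set()),
    "sig":      ({}, set()),
}

def validate(elem, name="env"):
    """Return a list of structural violations (empty list = structurally valid)."""
    if elem.tag != f"{{{NS}}}{name}":
        return [f"expected {name}, got {elem.tag}"]
    children, attrs = SCHEMA[name]
    errors = [f"{name}: unexpected attribute {a!r}" for a in elem.attrib if a not in attrs]
    counts = {}
    for child in elem:
        local = child.tag.rsplit("}", 1)[-1]
        # Reject children in the wrong namespace or not declared for this parent.
        if child.tag != f"{{{NS}}}{local}" or local not in children:
            errors.append(f"{name}: unexpected child {child.tag}")
            continue
        counts[local] = counts.get(local, 0) + 1
        errors += validate(child, local)
    for child_name, (lo, hi) in children.items():
        n = counts.get(child_name, 0)
        if n < lo or n > hi:
            errors.append(f"{name}: {child_name} occurs {n} times, expected {lo}..{hi}")
    return errors

def check_envelope(xml_text):
    """Parse and structurally validate an envelope; signature checks come after this."""
    return validate(ET.fromstring(xml_text))

# Constructed sample envelope (payload and signature values are dummies).
GOOD = f"""<me:env xmlns:me="{NS}">
  <me:data type="application/atom+xml">PGVudHJ5Lz4</me:data>
  <me:encoding>base64url</me:encoding>
  <me:alg>RSA-SHA256</me:alg>
  <me:sig>c2ln</me:sig>
</me:env>"""

# Same envelope with a second sig element and an undeclared element appended:
# a schema-less processor might act on whichever it happens to read first,
# whereas the structural check rejects the instance outright.
BAD = GOOD.replace("</me:env>", "<me:sig>b3RoZXI</me:sig><me:extra/></me:env>")
```

Running `check_envelope(GOOD)` yields no violations, while `check_envelope(BAD)` reports both the duplicate `sig` and the undeclared `extra` element.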