- From: Peter Patel-Schneider <pfpschneider@gmail.com>
- Date: Wed, 09 Jun 2021 13:45:10 -0400
- To: Eric Prud'hommeaux <eric@w3.org>
- Cc: semantic-web@w3.org
On Wed, 2021-06-09 at 13:10 +0200, Eric Prud'hommeaux wrote: > On Tue, Jun 08, 2021 at 08:21:31PM -0400, Peter Patel-Schneider > wrote: > > On Tue, 2021-06-08 at 23:13 +0200, Eric Prud'hommeaux wrote: > > > On Mon, Jun 07, 2021 at 08:31:17PM -0400, Peter F. Patel- > > > Schneider > > wrote: > > > > On Mon, 2021-06-07 at 22:49 +0200, Eric Prud'hommeaux wrote: > > > > > On Mon, Jun 07, 2021 at 03:37:44PM -0400, Peter Patel- > > > > > Schneider > > > > > wrote: > > > > > > > > [..] > > > [...] > > > Do you agree that in order to do so, they'd have to expand the > > > document more than once, and carry the conclusion of a valid > > signature > > > over from the first expansion? > > > > For the receiver seeing a different graph than what the sender > > signed > > this double expansion is needed. However, double expansion is > > required > > given the algorithms in https://w3c-ccg.github.io/ld-proofs/ > > I see only one expansion in signing and one in verification. > Together, > they total two, but any change to the context that affects the signed > triples with result in a failed verification. The only place to > inject > a well-timed context change would be if either signing or > verification > demanded multiple expansions. But the receiver needs to perform two expansions. The first happens when the receiver runs the verify algorithm. The second happens when the receiver uses the transmitted document to construct the RDF dataset. These two operations can be separated by an arbitrary amount of time and can be done in different environnments with the result that the recceiver constructs a different dataset from what the verify algorithm verified. And remote contexts and other environmental concerns can be constructed and manipulated so that the verify algorithm sees what the originator signed and thus returns true but the receiver constructs something different. This can happen by accident, such as when a remote context is updated, or by an opponent, for example by modifying a transmitted document to inject a remote context that is modified between verification and construction. [...] peter
Received on Wednesday, 9 June 2021 17:46:04 UTC