- From: Peter F. Patel-Schneider <pfpschneider@gmail.com>
- Date: Wed, 12 May 2021 20:45:15 -0400
- To: semantic-web@w3.org
I was looking at https://w3c-ccg.github.io/ld-proofs/ and it seems to me that there is a problem in the way that signed RDF datasets, a.k.a. signed linked data, are created. The problem appears to affect any encoded proof, not just signatures.

Although the document is unnecessarily complicated by its reluctance to call an RDF graph an RDF graph, it appears that Section 10 signs a document that encodes an RDF graph by canonicalizing the RDF graph, using a canonicalization that transforms isomorphic RDF graphs into the same form, and signing this canonicalized form (which may or may not be an RDF graph). It then modifies the document by extending the document with an encoding of several new triples all related to a new node that represents the signature.

To verify a signature of a document that encodes an RDF graph, all triples related to signatures are removed from the encoded graph, then each signature is checked to ensure that it is a valid signature for the modified graph. (Well, this is what should happen, but the verification algorithm incorrectly assumes that a set of signatures is the same as a single signature. This is not a serious problem and does not materially affect the points below.)

But this does not work if the original graph that was being signed includes a signature, as this signature will be part of the signing but not the verification. It also allows extra signatures to be added to the document after signing, as these extra signatures will be removed before validation.

So the signing method in https://w3c-ccg.github.io/ld-proofs/ appears to have fatal problems, both failing to validate some correctly signed documents and validating some incorrectly signed documents. The former is bad but the latter is just about the worst flaw that a signature method can have.

peter
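A toy model of the sign-then-strip procedure described in the message, added here as an illustration and not part of the original email or of the ld-proofs specification: canonicalization is simplified to sorting triples (no blank-node handling), HMAC stands in for the signature, and the `Proof` vocabulary, `doc` graph and `_:p1`/`_:p2`/`_:p9` proof nodes are constructed names.

```python
import hashlib
import hmac

PROOF = "Proof"  # constructed stand-in for the proof node type

def canonicalize(graph):
    # Simplified canonicalization: sorted triples joined by newlines.
    # Assumption: no blank nodes, so sorting alone is canonical for this demo.
    return "\n".join(" ".join(t) for t in sorted(graph)).encode()

def sign(graph, key, proof_node):
    # Sign the canonical form, then extend the graph with proof triples.
    mac = hmac.new(key, canonicalize(graph), hashlib.sha256).hexdigest()
    return set(graph) | {(proof_node, "type", PROOF), (proof_node, "proofValue", mac)}

def proof_nodes(graph):
    return {s for (s, p, o) in graph if p == "type" and o == PROOF}

def verify(graph, key):
    # Mirrors the described procedure: strip every proof-related triple,
    # then check each surviving proofValue against the stripped graph.
    nodes = proof_nodes(graph)
    stripped = {t for t in graph if t[0] not in nodes}
    expected = hmac.new(key, canonicalize(stripped), hashlib.sha256).hexdigest()
    values = [o for (s, p, o) in graph if s in nodes and p == "proofValue"]
    return bool(values) and all(hmac.compare_digest(v, expected) for v in values)

KEY = b"demo-key"  # constructed
BASE = {("doc", "title", "hello"), ("doc", "author", "alice")}  # constructed graph

def case_plain():
    # Ordinary sign/verify round trip succeeds.
    return verify(sign(BASE, KEY, "_:p1"), KEY)

def case_pre_existing_proof():
    # The graph already carries a valid proof; signing it again covers that
    # proof's triples, but verification strips them, so the new signature fails.
    once = sign(BASE, KEY, "_:p1")
    twice = sign(once, KEY, "_:p2")
    return verify(twice, KEY)

def case_injected_proof_triples():
    # Triples hung off a new proof node after signing are stripped before
    # verification, so nothing signs them, yet the document still verifies.
    signed = sign(BASE, KEY, "_:p1")
    extra = {("_:p9", "type", PROOF), ("_:p9", "verificationMethod", "other-key")}
    tampered = signed | extra
    return verify(tampered, KEY) and tampered != signed
```

The two failing cases correspond to the two flaws named in the message: a correctly signed document that does not verify, and a modified document that does.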
Received on Thursday, 13 May 2021 00:45:30 UTC