W3C home > Mailing lists > Public > semantic-web@w3.org > May 2021

Re: Chartering work has started for a Linked Data Signature Working Group @W3C

From: Peter F. Patel-Schneider <pfpschneider@gmail.com>
Date: Wed, 12 May 2021 20:45:15 -0400
To: semantic-web@w3.org
Message-ID: <41f9f5f6-5893-46f9-72d1-9329910e4807@gmail.com>
I was looking at https://w3c-ccg.github.io/ld-proofs/ and it seems to me that 
there is a problem in the way that signed RDF datasets, a.k.a. signed linked 
data, are created.  The problem appears to affect any encoded proof, not just 

Although the document is unnecessarily complicated by its reluctance to call 
an RDF graph an RDF graph, it appears that Section 10 signs a document that 
encodes an RDF graph by canonicalizing the RDF graph, using a canonicalization 
that transforms isomorphic RDF graphs into the same form, and signing this 
canonicalized form (which may or may not be an RDF graph).  It then modifies 
the document by extending the document with an encoding of several new triples 
all related to a new node that represents the signature.

To verify a signature of a document that encodes an RDF graph, all triples 
related to signatures are removed from the encoded graph then each signature 
is checked to ensure that it is a valid signature for the modified graph.  
(Well, this is what should happen, but the verification algorithm incorrectly 
assumes that a set of signatures is the same as a single signature.  This is 
not a serious problem and does not materially affect the points below.)

But this does not work if the original graph that was being signed includes a 
signature, as this signature will be part of the signing but not the 
verification.   It also allows extra signatures to be added to the document 
after signing, as these extra signatures will be removed before validation.

So the signing method in https://w3c-ccg.github.io/ld-proofs/ appears to have 
fatal problems, both failing to validate some correctly signed documents and 
validating some incorrectly signed documents.  The former is bad but the 
latter is just about the worst flaw that a signature method can have.

Received on Thursday, 13 May 2021 00:45:30 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 13 May 2021 00:45:32 UTC