- From: Dan Brickley <danbri@danbri.org>
- Date: Thu, 13 May 2021 06:09:34 +0100
- To: "Peter F. Patel-Schneider" <pfpschneider@gmail.com>
- Cc: semantic-web@w3.org
- Message-ID: <CAFfrAFrVzci9qf4eiWvVJfmv432JDow8eLW60Gp99=PbKTwe_A@mail.gmail.com>
On Thu, 13 May 2021 at 01:50, Peter F. Patel-Schneider <pfpschneider@gmail.com> wrote:

> I was looking at https://w3c-ccg.github.io/ld-proofs/ and it seems to me that
> there is a problem in the way that signed RDF datasets, a.k.a. signed linked
> data, are created. The problem appears to affect any encoded proof, not just
> signatures.
>
> Although the document is unnecessarily complicated by its reluctance to call
> an RDF graph an RDF graph, it appears that Section 10 signs a document that
> encodes an RDF graph by canonicalizing the RDF graph, using a canonicalization
> that transforms isomorphic RDF graphs into the same form, and signing this
> canonicalized form (which may or may not be an RDF graph). It then modifies
> the document by extending the document with an encoding of several new triples
> all related to a new node that represents the signature.
>
> To verify a signature of a document that encodes an RDF graph, all triples
> related to signatures are removed from the encoded graph, then each signature
> is checked to ensure that it is a valid signature for the modified graph.
> (Well, this is what should happen, but the verification algorithm incorrectly
> assumes that a set of signatures is the same as a single signature. This is
> not a serious problem and does not materially affect the points below.)
>
> But this does not work if the original graph that was being signed includes a
> signature, as this signature will be part of the signing but not the
> verification. It also allows extra signatures to be added to the document
> after signing, as these extra signatures will be removed before validation.
>
> So the signing method in https://w3c-ccg.github.io/ld-proofs/ appears to have
> fatal problems, both failing to validate some correctly signed documents and
> validating some incorrectly signed documents. The former is bad but the
> latter is just about the worst flaw that a signature method can have.
Manu recently wrote: "RDF Graphs -- those are not what this group is focusing on, they create all sorts of provenance issues with the signed information... this is why we pushed hard for RDF Datasets back in the day... we're focusing on canonicalizing and generating proofs (e.g., digital signatures) for RDF Datasets."

Wouldn't an emphasis on RDF Datasets rather than Graphs make this kind of thing pointless? No need to interfere with graphs when you have a way to explicitly handle multiple graphs together as a Dataset?

Dan

> peter
Received on Thursday, 13 May 2021 05:10:00 UTC
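Added worked example (editor's illustration, not code from the thread and not the ld-proofs specification's own algorithm): a toy model of "canonicalize the graph, sign the canonical form, append proof triples, strip proof triples before verifying", exercising the two failure modes Peter describes, followed by the dataset layout Dan asks about, where the signed content is a named graph and the proof lives in the default graph so nothing has to be stripped. Assumptions: URDNA2015 is replaced by sorting (the toy graphs have no blank nodes); the signature is HMAC-SHA256 with a constructed per-signer key table, standing in for a public-key signature; the `ex:` nodes, the `sec:creator`, `sec:signatureValue` and `sec:proofOf` properties and the sample triples are constructed for the example.

```python
"""Toy model of: canonicalize an RDF graph, sign it, append proof triples,
strip proof triples to verify. Added illustration, not the ld-proofs spec.
Assumptions: sorting instead of URDNA2015 (no blank nodes); HMAC-SHA256 with
constructed per-signer keys instead of a public-key signature; ex:/sec: names
and sample triples are constructed."""
import hashlib
import hmac

KEYS = {"alice": b"alice-key", "bob": b"bob-key", "mallory": b"mallory-key"}
PROOF_TYPE = ("rdf:type", "sec:Signature")  # marks a proof node


def canonicalize(triples):
    """Sorted N-Triples text: a valid canonical form when there are no blank nodes."""
    return "\n".join(sorted(f"{s} {p} {o} ." for s, p, o in triples))


def mac(signer, text):
    return hmac.new(KEYS[signer], text.encode(), hashlib.sha256).hexdigest()


def proof_triples(proof_id, signer, sig):
    """Triples the signing step appends, all hung off one new proof node."""
    return {(proof_id, *PROOF_TYPE),
            (proof_id, "sec:creator", f'"{signer}"'),
            (proof_id, "sec:signatureValue", f'"{sig}"')}


def proof_nodes(triples):
    return {s for s, p, o in triples if (p, o) == PROOF_TYPE}


def strip_proofs(triples):
    nodes = proof_nodes(triples)
    return {t for t in triples if t[0] not in nodes}


def sign_graph(triples, signer, proof_id):
    """Sign the graph exactly as given (a proof node already in it included)."""
    return set(triples) | proof_triples(proof_id, signer, mac(signer, canonicalize(triples)))


def verify_graph(triples):
    """Verification as Peter reads it: remove every proof node, then check
    each proof against the stripped graph. Returns {proof_id: ok}."""
    body = canonicalize(strip_proofs(triples))
    results = {}
    for pid in proof_nodes(triples):
        props = {p: o.strip('"') for s, p, o in triples if s == pid}
        expected = mac(props["sec:creator"], body)
        results[pid] = hmac.compare_digest(props["sec:signatureValue"], expected)
    return results


def failure_1():
    """The graph being signed already holds Bob's proof. Alice's signature
    covers those triples, the verifier strips them, so her valid proof fails."""
    doc = sign_graph({("ex:doc", "ex:title", '"Draft"')}, "bob", "ex:bob-proof")
    doc = sign_graph(doc, "alice", "ex:alice-proof")
    return verify_graph(doc)  # {"ex:bob-proof": True, "ex:alice-proof": False}


def failure_2():
    """Mallory appends her own proof after Alice signed. Alice's signature never
    covered proof triples, so the addition passes unnoticed alongside hers."""
    doc = sign_graph({("ex:doc", "ex:title", '"Draft"')}, "alice", "ex:alice-proof")
    extra = proof_triples("ex:mallory-proof", "mallory",
                          mac("mallory", canonicalize(strip_proofs(doc))))
    return verify_graph(doc | extra)  # both True


# Dataset layout: content in a named graph, proofs as quads in the default
# graph "" that name their target graph. Nothing is stripped before hashing.
def canonicalize_graph(quads, graph):
    return canonicalize({(s, p, o) for s, p, o, g in quads if g == graph})


def sign_named_graph(quads, graph, signer, proof_id):
    sig = mac(signer, canonicalize_graph(quads, graph))
    proof = {(s, p, o, "") for s, p, o in proof_triples(proof_id, signer, sig)}
    return set(quads) | proof | {(proof_id, "sec:proofOf", graph, "")}


def verify_dataset(quads):
    results = {}
    for pid in {s for s, p, o, g in quads if (p, o, g) == (*PROOF_TYPE, "")}:
        props = {p: o.strip('"') for s, p, o, g in quads if s == pid and g == ""}
        body = canonicalize_graph(quads, props["sec:proofOf"])
        results[pid] = hmac.compare_digest(props["sec:signatureValue"],
                                           mac(props["sec:creator"], body))
    return results


def dataset_variant():
    """Bob's earlier proof sits inside ex:g1 as ordinary data; Alice signs ex:g1
    as a unit and her proof goes in the default graph, so it verifies."""
    g1 = {("ex:doc", "ex:title", '"Draft"', "ex:g1")}
    bob = proof_triples("ex:bob-proof", "bob", mac("bob", canonicalize_graph(g1, "ex:g1")))
    g1 |= {(s, p, o, "ex:g1") for s, p, o in bob}
    return verify_dataset(sign_named_graph(g1, "ex:g1", "alice", "ex:alice-proof"))
```

Calling `failure_1()` shows the first point: a correctly produced signature over a graph that already contained a proof node does not verify, because the verifier hashes a smaller graph than the signer did. `failure_2()` shows the second: proof triples are outside what the signature covers, so a proof appended later is neither detected nor rejected. In `dataset_variant()` the pre-existing proof is just data inside `ex:g1` and Alice's signature verifies without any stripping; note that a proof quad appended to the default graph is still outside what she signed, so the graph/dataset split on its own settles only the first point, and the second remains a question of what a proof is defined to cover.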