W3C home > Mailing lists > Public > semantic-web@w3.org > May 2021

Re: Chartering work has started for a Linked Data Signature Working Group @W3C

From: Dan Brickley <danbri@danbri.org>
Date: Fri, 21 May 2021 12:58:25 +0100
Message-ID: <CAFfrAFrAG0b_4LLTuoAFr0uOEs14kqBPs-7Odq1kM55os7ekww@mail.gmail.com>
To: Peter Patel-Schneider <pfpschneider@gmail.com>
Cc: Aidan Hogan <aidhog@gmail.com>, Semantic Web <semantic-web@w3.org>
My apologies to all - apparently I somehow managed to send white-on-white
email text! I don't know how, but for the curious I was replying in the iOS
Gmail app. At least I didn't sign the content :)

My main point was the one Peter responds to here on recursion. And yes - I
did not try to enumerate the reasons people might have for signing content
that contains already signed content.

If we're in the "does this fit in a barcode" design space, it may be
obvious when signed content is being encountered. If > 1000 triples, less
so.

As Eric points out, we have multiple-graph-handling standards as our tools
here, which gives some other design options.

Should the charter say something about recursion/nesting?

Does this count as rolling our own crypto yet? :(

Dan

On Fri, 21 May 2021 at 12:01, Peter Patel-Schneider <pfpschneider@gmail.com>
wrote:

> On Fri, 2021-05-21 at 09:20 +0100, Dan Brickley wrote:
> >
> >
> > On Fri, 21 May 2021 at 00:34, Peter Patel-Schneider <
> > pfpschneider@gmail.com> wrote:
> > > On Thu, 2021-05-20 at 18:58 -0400, Aidan Hogan wrote:
> > > > [...]
> > > >
> > > > RDF Dataset canonicalisation has indeed undergone review by trained
> > > > mathematicians as mentioned before, but to the best of my
> > > knowledge,
> > > > the
> > > > people involved (those findable from the explainer) are not
> > > security
> > > > or
> > > > cryptography experts. Which security and cryptography engineers
> > > have
> > > > reviewed which parts? It would be good to see input from such
> > > experts
> > > > regarding (2) and particularly (3).
> > > >
> > >
> > > Indeed.  As far as I know [3], i.e., the idea of augmenting graphs
> > > while signing and removing the augmentations while verifying isn't a
> > > standard part of security and cryptography.   Which experts have
> > > signed
> > > off on this?
> > >
> >
> >
> > On this detail, does it recurse reliably?
> >
> > If Ale writes some RDF, Brin signs it to assure basic integrity of the
> > communication, publishes the result, and then a couple days later Cary
> > signs it to indicate institutional endorsement of the original claims,
> > etc. Are there any cases where manipulating an additional signing could
> > mess with embedded earlier signings, to malicious ends?
> >
> > Dan
>
> Indeed, my reading of https://w3c-ccg.github.io/ld-proofs/#algorithms
> leads me to believe that recursively signed graphs cannot be verified.
> I think the intent of recursive signing is slightly different than your
> gloss - the second signer is not signing the original graph but is
> signing the signed graph, perhaps to lend their approval of the first
> signing.
>
> Ale writes G.
> Brin signs G and adds its own proof triples, resulting in G'.
> Cary takes G', removes the proof triples in it to get G, and uses
> Brin's proof triples to verify that Brin signed G.
> Cary takes G' and adds its own proof triples, resulting in G''.
> Dave takes G'', removes the proof triples in G'' to get G, and tries to
> use Cary's proof triples to verify that Cary signed G.
> But Cary did not sign G so the verification fails!
>
> I believe that the described process for manipulation of the graph
> permits an opponent to inject unsigned content into signed graphs and
> still have the verification succeed.
>
> peter
>
>
>
>
>
Received on Friday, 21 May 2021 11:59:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 21 May 2021 11:59:52 UTC