W3C home > Mailing lists > Public > semantic-web@w3.org > May 2021

Re: Chartering work has started for a Linked Data Signature Working Group @W3C

From: Peter F. Patel-Schneider <pfpschneider@gmail.com>
Date: Mon, 24 May 2021 06:09:26 -0400
To: semantic-web@w3.org
Message-ID: <00450f25-579d-f32a-2d0d-87ffd218ba51@gmail.com>

On 5/24/21 2:05 AM, Aidan Hogan wrote:
> On 2021-05-23 7:06, Peter F. Patel-Schneider wrote:
>> So it appears that you agree with me that signing a document serializing an 
>> RDF dataset according using the algorithms in Linked Data Proofs 1.0 do not 
>> meet the usual computer security requirements. 
>
> Hmm, I'm not sure. I guess it depends on the specific security requirements 
> (and I'm not an expert on such topics).
>
> However, I think most of the issues you mention might lead to a verify 
> returning *false* "unexpectedly" because while verifying, you extract a 
> dataset (or signature parameters) different from the original graph (or 
> signature parameters) passed to the sign function. This type of false 
> negative seems to affect something more akin to "usability" rather than 
> security: it seems to me to err on the side of caution.
>
> If verify were returning *true* unexpectedly, I would have to imagine that 
> that would be more worrying in terms of security requirements, but I don't 
> think such issues are likely as they would seemingly break some of the 
> guarantees of the underlying cryptography (used in sign).

It appears to me that changing the data associated with the signature could 
result in an unexpected true, as this data is not part of the graph that is 
verified.  This does require that there be data in the signature that can be 
changed without affecting the verification function.  Alternatively, it might 
be possible to add an extra signature block, and still have the verification 
succeed.

These are both methods of subverting computer security that do not attack the 
core cryptographic functions but instead attack the association of the 
signature with the payload.  But it is just as important to prevent these 
attacks as other attacks.

>
>> You also appear to be saying that it might be possible to come up with 
>> qualifications that could fix this problem.
>
> Yes, I suspect that technically it should not be difficult. I think the 
> harder part will be to reach a consensus on what qualifications to apply in 
> order to ensure G1 and G2 mentioned previously.

I would say that it is more important to ensure that the qualifications 
actually do ensure correct signing and verification.

>
> Best,
> Aidan
>

peter
Received on Monday, 24 May 2021 10:10:41 UTC

This archive was generated by hypermail 2.4.0 : Monday, 24 May 2021 10:10:48 UTC