- From: EKR <ekr@rtfm.com>
- Date: 20 Aug 1999 14:50:21 -0700
- To: "Phillip M Hallam-Baker" <pbaker@verisign.com>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, <w3c-xml-plenary@w3.org>
"Phillip M Hallam-Baker" <pbaker@verisign.com> writes:
> I object to the following requirement:
>
>
> 3.2 The specification must specify at least one mandatory to implement
> signature canonicalization, content canonicalization, hash, and signature
> algorithm.
>
>
> No justification is provided for requirng mandatory implementation of a
> canonicalization algorithm. A canonicalization algorithm is not required
> to create a signature.
>
> The simplest implementation of a signature verifier is to validate the
> hash of the bits on the wire.
>
> The simplest implementation is desired because it is the least likely
> to have errors.
>
> A canonicalization algorithm introduces potential ambiguity into the
> bit-stream presented and is therefore a security risk. If an application
> is presented with a bit stream which does not validate it MUST be
> permitted to reject the signature. It MUST NOT be required to manipulate
> the data to make the signature verify.
>
>
> I propose the following replacement:
>
> 3.2 The specification must specify at least one mandatory to implement hash,
> and signature algorithm.
If we're counting noses, I agree with Phill.
I'm not comfortable that any of the canonicalization algorithms
hitherto proposed definitely do not damage the data in ways
that are security relevant.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
PureTLS - free SSLv3/TLS software for Java
http://www.rtfm.com/puretls/
Received on Friday, 20 August 1999 17:49:54 UTC