- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Mon, 23 Aug 1999 10:52:43 -0400
- To: "Phillip M Hallam-Baker" <pbaker@verisign.com>
- cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Phil, From: "Phillip M Hallam-Baker" <pbaker@verisign.com> To: "Joseph M. Reagle Jr." <reagle@w3.org> Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org> Date: Fri, 20 Aug 1999 15:49:51 -0400 Message-ID: <005201beeb45$2ac3d320$6e07a8c0@pbaker-pc.verisign.com> >The only argument advanced in favour of C14N has been that some folks >want transmission over channels which introduce noise. On the minus That is only true for a very, VERY broad stretched definition of "noisy" channel. Is a 7 bit channel which requires a reservable re-encoding into UTF-7 noisy? Is a system which parses messages into DOM trees, re-assebmles various parts of them including some signatures into a new message and signs parts of that a "noisy channel"? As far as I can see, cannonicalization is absolutely essential for a vast range of applications of XMLDSIG, particularly cases where the objects being signed are XML. It does not serve the purpose of this WG to create a standard which can only be used in an extremely secure and extremely useless way. >side there is the cost of implementation, the possibility of introducing >errors in the C14N code, the likelihood that C14n will introduce >ambiguities which might provide an attacker with an opportunity >and that does not even take account of the complexities of the >interaction between the C14N preprocessor and those handling all the >packaging, fragmenting etc. that people are proposing. > >There has never been a requirement that a particular signed object >have a unique signature under a particular private key. If so the >DSA would fail since signing a document twice is guaranteed to give >different results in all but 1 time out of 2^128 attempts. So? This has nothing to do with canonicalization. Why are you confusing the issue with deliberate FUD? The requiremens, of course, is that you need to be able to verify the signature on an object. Othewise its useless. And for a vast number of applications, the "object" is NOT an immutable binary object but some subset thereof which can only be found by deliberately throwing away and not signing many pieces and/or accidents of representation of the object. > Phill Donald
Received on Monday, 23 August 1999 10:54:32 UTC