Proposed resolution to detached/embedded and c14n/transform discussion - forward to the past from david.solo@citicorp.com on 1999-08-24 (w3c-ietf-xmldsig@w3.org from July to September 1999)

From: <david.solo@citicorp.com>
Date: Tue, 24 Aug 1999 08:30:05 -0400
TO: w3c-ietf-xmldsig@w3.org
CC: dsolo@alum.mit.edu
Message-Id: <H0000cc40413fd61@MHS>

Based on the recent discussion, I want to propose the following resolution for 
the detached/embedded and transform discussions.  In the last version of the 
syntax, the notion was to allow either an object within the siginfo element or 
a reference to an external element.  This introduced two problems (at least):  
one was the potential for nested c14n's where one alg applied to the object and 
the other to the sigInfo wrapper; and the other the fact that the processing 
for an embedded vs. detached signature were different (thus, one couldn't 
convert between the methods without breaking the signature).

In order to address this, I'm proposing moving back to a variation on prior 
suggestions in which the sigInfo element always contains a single reference (a 
resource element) to the object being signed(which may be a manifest, a PDF 
file, etc.).  The resource element in sigInfo contains the location, a set of 
transformations to be applied prior to digest calculation (e.g. c14n, 
exclusion, encoding), and the digest alg and value (calculated over the 
contents of the object element or the referenced document, but excluding the 
<object> start and end tags.  An embedded object may be contained within the 
signature element, but not within siginfo.

This approach allows switching between embedded and detached signatures without 
breaking the signature (as long as we get the digest computation rules right), 
and separates the c14n of sigInfo from the transformations applied to the 
object.  It does impose the cost of an additional digest calculation in some 
instances.

In addition to documenting and refining this (example below), I expect the 
draft for next Monday to also begin to define some of the keyInfo and algorithm 
structures.  I should have the new draft out later this week.

Dave

P.S.  My citicorp.com email address is currently in send-only mode (?), so send 
any replies to dsolo@alum.mit.edu

---

Sample revised syntax:

<signature id="...">
  <signedInfo>
    <c14nAlg type="null"/>
      <!-- applies to signedInfo, should have a default value -->
    <sigAlg type="rsaWithSHA-1"/>
    <resource>
      <reference type="http://..." href="..."/> 
      <transformations>
        <!--applies to object-->
         <c14nAlg type="http://..."/>
         <encoding type="http://..."/>
      </transformations>
      <digestAlg type="sha-1"/>
      <digestValue> a23bcd43 </digest>
    </resource>
    <signedAttributes>
      <attributeData type="http://...">19990824132700Z</attributeData>
    </signedAttributes>
  </signedInfo>
  <object ID="...">
    <!-- present if embedded object -->
    jhasodutoinwoiahsh
  </object>
  <keyInfo type="keyName"> 3 </keyInfo>
  <sigValue> dd2323dd </sigValue>
</signature>

Received on Tuesday, 24 August 1999 08:31:00 UTC