Re: Proposed resolution to detached/embedded and c14n/transform discussion - forward to the past from Joseph M. Reagle Jr. on 1999-08-24 (w3c-ietf-xmldsig@w3.org from July to September 1999)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 24 Aug 1999 09:22:59 -0400
To: david.solo@citicorp.com
Cc: w3c-ietf-xmldsig@w3.org, dsolo@alum.mit.edu
Message-Id: <3.0.5.32.19990824092259.00a37100@localhost>

At 08:30 99/08/24 -0400, david.solo@citicorp.com wrote:
 >Based on the recent discussion, I want to propose the following resolution
for 
 >the detached/embedded and transform discussions.

Part of my confusion related to the intermediate steps of content which have
no representation in the syntax -- they area intermediate steps.

 >In order to address this, I'm proposing moving back to a variation on
prior 
 >suggestions in which the sigInfo element always contains a single
reference (a 
 >resource element) to the object being signed(which may be a manifest, a
PDF 
 >file, etc.).  




The resource element in sigInfo contains the location, a set of 
 >transformations to be applied prior to digest calculation (e.g. c14n, 
 >exclusion, encoding), and the digest alg and value (calculated over the 
 >contents of the object element or the referenced document, but excluding
the 
 ><object> start and end tags.  An embedded object may be contained within
the 
 >signature element, but not within siginfo.
 >
 >This approach allows switching between embedded and detached signatures
without 
 >breaking the signature (as long as we get the digest computation rules
right), 
 >and separates the c14n of sigInfo from the transformations applied to the 
 >object.  It does impose the cost of an additional digest calculation in
some 
 >instances.
 >
 >In addition to documenting and refining this (example below), I expect the 
 >draft for next Monday to also begin to define some of the keyInfo and
algorithm 
 >structures.  I should have the new draft out later this week.
 >
 >Dave
 >
 >P.S.  My citicorp.com email address is currently in send-only mode (?), so
send 
 >any replies to dsolo@alum.mit.edu
 >
 >---
 >
 >Sample revised syntax:
 >
 ><signature id="...">
 >  <signedInfo>
 >    <c14nAlg type="null"/>
 >      <!-- applies to signedInfo, should have a default value -->
 >    <sigAlg type="rsaWithSHA-1"/>
 >    <resource>
 >      <reference type="http://..." href="..."/> 
 >      <transformations>
 >        <!--applies to object-->
 >         <c14nAlg type="http://..."/>
 >         <encoding type="http://..."/>
 >      </transformations>
 >      <digestAlg type="sha-1"/>
 >      <digestValue> a23bcd43 </digest>
 >    </resource>
 >    <signedAttributes>
 >      <attributeData type="http://...">19990824132700Z</attributeData>
 >    </signedAttributes>
 >  </signedInfo>
 >  <object ID="...">
 >    <!-- present if embedded object -->
 >    jhasodutoinwoiahsh
 >  </object>
 >  <keyInfo type="keyName"> 3 </keyInfo>
 >  <sigValue> dd2323dd </sigValue>
 ></signature>
 >
 >Attachment Converted: "I:\3attach\WINMAIL3.DAT"
 >

_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/

Received on Tuesday, 24 August 1999 09:41:40 UTC