- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 14 Sep 1999 16:15:19 -0400
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Donald and WG,

I've made the changes I think are relevant. They are reflected in the following document in red underline. I request we review these tweaks on the list and confirm its advancement at the next conference call.

http://www.w3.org/Signature/Drafts/WD-xmldsig-requirements-990916.html

Also, 3.4 now reads "The signature design and specification text must not permit implementers to erroringly build weak implementations susceptible to common security weaknesses (such as downgrade or algorithm substitution attacks)."

Anyone have a good reference to a security design principles document? I think I remember seeing one in IETF...

At 23:07 99/09/07 -0400, Donald E. Eastlake 3rd wrote:

>2.2 Suggest "XML syntax signatures" instead of "XML signatures" as
>just saying "XML signatures" seems to, sooner or later, lead to
>questions on whether they are signatures in XML syntax or signatures
>of XML objects.

2.1 ... The XML syntax used to represent a signature (over any content) is described as an XML-signature.

>2.2 Drop comment. As far as I can tell, no one is talking, or at
>least not talking anymore, about implicitly indicating the data signed
>by the mere placement of the signature.

Ok.

>3.2 Comment. should end with "and/or" non-repudiability since we
>support keyed hashes which do not provide technical non-repudiation.
>(Note Intro says "and/or non-repudiability".)

Ok.

>7.1 Spell out "opt".

opt to

>7.2 Suggest "Applications must use XLink locators when they reference
>resources from within a manifest". I don't like the slant of the
>current wording which could imply that the use of a manifest is
>mandatory.

XLink [Xlink] within its own signature syntax. For any resource identification beyond simple URIs (without fragment IDs) or fragmentIDs, applications must use XLink locators to reference signed resources

>3.1.2 Pushes manifest too much and mandates URIs or fragments when
>sometimes we use XLink.

I tried rewriting the manifest sections, and felt it too awkward, so now it says:

2.2 ... (In this document we use the term manifest to mean a collection of references to the objects being signed. The specifications may use the terms manifest, package or other terms differently from this document while still meeting this requirement.)

>2.4 Suggest replacing "A key" with "An important".

Good.

>3.3.3 I suppose it is OK with the note but when have a "requirement"
>mandating a certain action when we may decide otherwise.

the XML-Fragment or XPointer specifications to yield this functionality, or a requested change to those specifications if the functionality is not available. See List(Boyer(1,2)) for further discussion of this issue.

_________________________________________________________
Joseph Reagle Jr.
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://w3.org/People/Reagle/

Received on Tuesday, 14 September 1999 16:16:55 UTC