RE: Transforms useless in current spec

Hi Peter,

<Peter>
It seems to me that one thing we miss currently was that we have no way to
force the core behaviour to dereference any URI or IDREF, in those cases
where a URI or IDREF is meant to be understood as a location. This would
now be application specific...

Personally, I don't see the need for that, as I still believe in the
scenario that if I have some data, hash it, and the signature verifies, this
is the only thing that counts, and I need to accept that the data I have is
the data that had been signed. Where it came from and how it was
transformed, I don't see as being significant for the general case.
</Peter>

<John>
Your argument is self-contradictory.  The cryptography is being used to
protect a message M.  What's in M?  Statements.  What are statements?
"Person X agrees to pay Y for Z from A on date D", "This message was derived
by the following sequence of transforms".  So, if as you say, you 'need to
accept that data' that was signed, and that data includes a statement S
about how the data was derived, then you need to accept S, which means that
S must actually be correct.  Thus, by your own argument, you should care
very much about how the data was transformed.

Please also see my email [1] from yesterday.  It clearly shows how easy it
is to get a security analyst to reject a piece of software when the
validator doesn't pay attention to the list of steps necessary to derive the
signed message.

[1]
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JanMar/0023.html

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

</John>

-----Original Message-----
From: Peter Lipp [mailto:Peter.Lipp@iaik.at]
Sent: Wednesday, January 12, 2000 1:33 AM
To: John Boyer; Gregor.Karlinger@iaik.at
Cc: DSig Group
Subject: AW: Transforms useless in current spec
> signed.  I don't recall the end of the conversation being that we would
> adopt location as hint.
This was one of those discussions which seemed to end by fatigue and not by
conclusions :-) And I wouldn't like to have this discussion revived..... but

It seems to me that one thing we miss currently was that we have no way to
force the core behaviour to dereference any URI or IDREF, in those cases
where a URI or IDREF is meant to be understood as a location. This would
now be application specific and any application would need to put this into
SignatureProperties or so. The question seems to be: is this something that
should be defined now as a core option?

Personally, I don't see the need for that, as I still believe in the
scenario that if I have some data, hash it, and the signature verifies, this
is the only thing that counts, and I need to accept that the data I have is
the data that had been signed. Where it came from and how it was
transformed, I don't see as being significant for the general case.

Peter
______________________________________
Dr. Peter Lipp
IAIK, TU Graz
Inffeldgasse 16a, A-8010 Graz, Austria
Tel: +43 316 873 5513
Fax: +43 316 873 5520
Web: www.iaik.at

Received on Wednesday, 12 January 2000 12:11:50 UTC
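The point John makes above, that the signed data carries the statement of how it was derived and so a validator must re-derive the data rather than hash whatever it is handed, shown as an added Python example that is not part of this thread or of the XML Signature spec. The toy document store, the two transform names and the HMAC standing in for an XML signature over SignedInfo are assumptions of the example.

```python
import hashlib, hmac, json, re

# Constructed toy document store keyed by URI; stands in for dereferencing a location.
DOCS = {"urn:example:contract":
        "<contract><!-- draft --><terms>X agrees to pay 100 for Z</terms></contract>"}

# Constructed transform chain (stand-ins for XML-DSig Transform algorithms).
TRANSFORMS = {
    "strip-comments": lambda s: re.sub(r"<!--.*?-->", "", s),
    "select-terms": lambda s: re.search(r"<terms>.*?</terms>", s).group(0),
}

def apply_transforms(data, names):
    for name in names:
        data = TRANSFORMS[name](data)
    return data

def digest(data):
    return hashlib.sha256(data.encode()).hexdigest()

def mac(key, signed_info):
    # Stand-in for the signature over SignedInfo: URI, transform list and digest are all covered.
    return hmac.new(key, json.dumps(signed_info, sort_keys=True).encode(), "sha256").hexdigest()

def sign(key, uri, transforms, docs=DOCS):
    derived = apply_transforms(docs[uri], transforms)
    signed_info = {"uri": uri, "transforms": transforms, "digest": digest(derived)}
    return signed_info, mac(key, signed_info)

def verify_presented(key, signed_info, sig, presented):
    """Hashes whatever bytes the caller hands over; never checks how they were derived."""
    return hmac.compare_digest(sig, mac(key, signed_info)) and digest(presented) == signed_info["digest"]

def verify_rederived(key, signed_info, sig, docs=DOCS):
    """Dereferences the signed URI and re-applies the signed transform list before hashing."""
    if not hmac.compare_digest(sig, mac(key, signed_info)):
        return False
    derived = apply_transforms(docs[signed_info["uri"]], signed_info["transforms"])
    return digest(derived) == signed_info["digest"]

def demo():
    key = b"constructed-shared-key"
    chain = ["strip-comments", "select-terms"]
    signed_info, sig = sign(key, "urn:example:contract", chain)
    cached = apply_transforms(DOCS["urn:example:contract"], chain)  # derived bytes kept from signing time
    # The document at the location is edited afterwards; the cached derived bytes are not.
    altered = {"urn:example:contract": DOCS["urn:example:contract"].replace("100", "1000")}
    return (verify_presented(key, signed_info, sig, cached),   # True: the old bytes still match the digest
            verify_rederived(key, signed_info, sig, altered))  # False: re-deriving from the location catches the edit
```

The first validator cannot tell whether the bytes it hashed were really produced from the referenced document by the signed transform list; the second one checks exactly that.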