- From: Peter Lipp <Peter.Lipp@iaik.at>
- Date: Tue, 25 Jan 2000 14:57:41 +0100
- To: "John Boyer" <jboyer@uwi.com>, <reagle@w3.org>
- Cc: "DSig Group" <w3c-ietf-xmldsig@w3.org>
- Message-ID: <NDBBLDEHJKOODMJCNBNCKEPNDBAA.Peter.Lipp@iaik.at>
> So, the wording of our document would need to be > changed to say that the signer MUST perform the transforms as part of > calculating the message. While I wouldn't really mind saying MUST, I don't see it as a requirement. Simply because you can't prove that he did or didn't, so saying MUST doesn't really add anything! Either the signature verifies cryptographically, and it can be shown that the signed data could be calculated using the original data and the transform operations - in that case he could have done that or the signer new of some magic process to achieve the same results and we wouldn't know the difference. > their own risk in the sense that the verifier will have the > burden of proof in showing that they have not materially > altered the signature. One way to What burden? If the signature verifies, how can they have altered them? If you are thinking about the original document, having modified that one and the transforms to remove the alterations - well, in that case you really need to include the original document into the signature. European Digital Signature Guidelines require that the signer must be made aware of what he signes (for qualified signatures) and that only can be the transformed document and never the original one. > At that point, I would ask what point there is in writing down the > transforms at all. Honestly, I wouldn't be terribly bothered if they fell out.... > In conclusion, I think it is necessary to REQUIRE applications to > follow the > given transforms 'in effect' when creating a signature, and anything short > of this nullifies the security value of transforms. I think it is safe to > RECOMMEND that verifying programs perform the transforms 'in effect'. As we cannot require any of the parties to do so, and we cannot verify if they have effectively done so, this does not help. It seems to me to do so would require forcing the original documents hash into the signature too. I am not sure I understand XPath enough, but it seems to me that for any given transformation using XPath there may exist more than one document that give the same result, applying the samge transform? Correct me if that is wrong, but if it is true...... then I would suggest putting a ref to the original doc plus transforms into a manifest would be a better solution. Peter - who naively had thought we were through that after the FTF :-)
Received on Tuesday, 25 January 2000 08:57:50 UTC