RE: Questions/Comments for the current draft. from Barb Fox on 2000-07-12 (w3c-ietf-xmldsig@w3.org from July to September 2000)

From: Barb Fox <bfox@Exchange.Microsoft.com>
Date: Wed, 12 Jul 2000 08:26:34 -0700
To: "Ken Goldman" <kgold@watson.ibm.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <96BABA22ECEAEA45B53D08D63E1B567826F1C2@DF-SPIKE.platinum.corp.microsoft.com>

Ken:

Looking at a broad range of applications, the wg decided that KeyInfo
needed to be optional, but when present, could specify a number of
different types including X.509 certificates.  Further, we made the
decision that XMLDsig signature verification should not require other
than XML tools -- which includes ASN.1. 

If an application chooses to use an X.509 certificate as the only form
of KeyInfo supporting a signature, then it probably also presumes that
all verifiers will be able to process it. That's not a safe bet for many
small XML-capable devices, which is why we chose KeyValue as mandatory
to implement if KeyInfo is specified.  

--Barbara Fox
Microsoft
-----Original Message-----
From: Ken Goldman [mailto:kgold@watson.ibm.com]
Sent: Wednesday, July 12, 2000 7:02 AM
To: w3c-ietf-xmldsig@w3.org
Subject: Re: Questions/Comments for the current draft.


I agree.  My reaction when reading the DSIG specification for the
first time was "how do I show a certificate chain."

I'd sure like to see a certificate chain explicitely part of DSIG.
But I've already been told that this is considered "outside DSIG, part
of the application."

My suspicion is that, in the real world, crypto verification pushed up
to the application will be crypto verification ignored.  The average
application developer might make an API call to verify a document.
Once the generic DSIG verifier comes back "true", the program goes on
"fat, dumb, and happy" not knowing that the signature was verified
against a forged public key.

The least DSIG KeyInfo could do is explicitly warn the reader.  As the
specification reads now, the goal of flexibility is reached by being
silent on a very important security issue.

> Date: Tue, 11 Jul 2000 15:26:07 -0700
> From: Kevin Regan <kevinr@valicert.com>
> 
> Would it make sense to somehow delineate different chains within the
> KeyInfo element? Rather than just having a hodgepodge of certificate
> entries, would it be possible to group them in something like a
> <X509CertificateChain> element (in the correct order)?  As a user
> (and implementer) of XML Signatures, it would be great to have a
> well-defined way of representing the certificates/keys/certificate
> chains that I would use to authenticate the signature.  The KeyInfo
> field is very flexible, but maybe a little less flexibility would go
> a long way here... :-)

-- 
Ken Goldman   kgold@watson.ibm.com   914-784-7646

Received on Wednesday, 12 July 2000 11:34:19 UTC