- From: Kevin Regan <kevinr@valicert.com>
- Date: Wed, 12 Jul 2000 11:02:51 -0700 (PDT)
- To: Barb Fox <bfox@Exchange.Microsoft.com>
- Cc: Ken Goldman <kgold@watson.ibm.com>, w3c-ietf-xmldsig@w3.org
Ok, I did not see that the KeyValue was mandatory if a KeyInfo was present. In this case, it is unambiguous as to what the authentication key is.

--Kevin

On Wed, 12 Jul 2000, Barb Fox wrote:

> Ken:
>
> Looking at a broad range of applications, the wg decided that KeyInfo
> needed to be optional, but when present, could specify a number of
> different types including X.509 certificates. Further, we made the
> decision that XMLDsig signature verification should not require other
> than XML tools -- which includes ASN.1.
>
> If an application chooses to use an X.509 certificate as the only form
> of KeyInfo supporting a signature, then it probably also presumes that
> all verifiers will be able to process it. That's not a safe bet for many
> small XML-capable devices, which is why we chose KeyValue as mandatory
> to implement if KeyInfo is specified.
>
> --Barbara Fox
> Microsoft
> -----Original Message-----
> From: Ken Goldman [mailto:kgold@watson.ibm.com]
> Sent: Wednesday, July 12, 2000 7:02 AM
> To: w3c-ietf-xmldsig@w3.org
> Subject: Re: Questions/Comments for the current draft.
>
>
> I agree. My reaction when reading the DSIG specification for the
> first time was "how do I show a certificate chain."
>
> I'd sure like to see a certificate chain explicitly part of DSIG.
> But I've already been told that this is considered "outside DSIG, part
> of the application."
>
> My suspicion is that, in the real world, crypto verification pushed up
> to the application will be crypto verification ignored. The average
> application developer might make an API call to verify a document.
> Once the generic DSIG verifier comes back "true", the program goes on
> "fat, dumb, and happy" not knowing that the signature was verified
> against a forged public key.
>
> The least DSIG KeyInfo could do is explicitly warn the reader. As the
> specification reads now, the goal of flexibility is reached by being
> silent on a very important security issue.
>
> > Date: Tue, 11 Jul 2000 15:26:07 -0700
> > From: Kevin Regan <kevinr@valicert.com>
> >
> > Would it make sense to somehow delineate different chains within the
> > KeyInfo element? Rather than just having a hodgepodge of certificate
> > entries, would it be possible to group them in something like a
> > <X509CertificateChain> element (in the correct order)? As a user
> > (and implementer) of XML Signatures, it would be great to have a
> > well-defined way of representing the certificates/keys/certificate
> > chains that I would use to authenticate the signature. The KeyInfo
> > field is very flexible, but maybe a little less flexibility would go
> > a long way here... :-)
>
> --
> Ken Goldman   kgold@watson.ibm.com   914-784-7646
>
>
Received on Wednesday, 12 July 2000 14:02:54 UTC
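
The concern raised in the quoted message above (a generic verifier answering "true" for a signature checked only against the key carried in KeyInfo), as an added example that is not part of the original thread or of any XMLDSig implementation. It is a simplified model: textbook RSA over constructed toy primes, decimal key fields, no canonicalization or SignedInfo, and the function names and trusted-key set are assumptions made for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

def make_key(p, q, e=65537):
    """Constructed toy RSA key (Mersenne primes); far too small for real use."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

KNOWN_SIGNER = make_key(2**61 - 1, 2**89 - 1)    # key the application trusts
OTHER_PARTY = make_key(2**107 - 1, 2**127 - 1)   # key the application never vetted

def digest(text, n):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def sign(text, key):
    """Build a simplified signed document that carries its own KeyValue."""
    sig = pow(digest(text, key["n"]), key["d"], key["n"])
    return (f"<Doc><Data>{text}</Data><Signature>"
            f"<SignatureValue>{sig}</SignatureValue>"
            f"<KeyInfo><KeyValue><RSAKeyValue><Modulus>{key['n']}</Modulus>"
            f"<Exponent>{key['e']}</Exponent></RSAKeyValue></KeyValue></KeyInfo>"
            f"</Signature></Doc>")

def embedded_key(root):
    return int(root.findtext(".//Modulus")), int(root.findtext(".//Exponent"))

def verify_math_only(xml):
    """Generic verifier: checks the signature against whatever key KeyInfo supplies."""
    root = ET.fromstring(xml)
    n, e = embedded_key(root)
    sig = int(root.findtext(".//SignatureValue"))
    return pow(sig, e, n) == digest(root.findtext("Data"), n)

def verify_with_trust(xml, trusted_keys):
    """Application-level check: the KeyValue must match an already trusted key."""
    if embedded_key(ET.fromstring(xml)) not in trusted_keys:
        return False
    return verify_math_only(xml)

TRUSTED = {(KNOWN_SIGNER["n"], KNOWN_SIGNER["e"])}
genuine = sign("pay 10 to alice", KNOWN_SIGNER)
unvetted = sign("pay 9999 to someone else", OTHER_PARTY)

if __name__ == "__main__":
    for name, doc in (("genuine", genuine), ("unvetted", unvetted)):
        print(name, verify_math_only(doc), verify_with_trust(doc, TRUSTED))
```

Both documents pass the math-only check; only the one signed by the known key passes once the embedded KeyValue is compared against keys the application already trusts.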