- From: <tgindin@us.ibm.com>
- Date: Wed, 12 Jul 2000 16:52:55 -0400
- To: Kevin Regan <kevinr@valicert.com>
- cc: Barb Fox <bfox@Exchange.Microsoft.com>, Ken Goldman <kgold@watson.ibm.com>, w3c-ietf-xmldsig@w3.org
Don't look now, but the KeyValue is described as mandatory to
implement. I don't think that that means that if a signer puts in an
X509Data they also will put in a KeyValue, nor even that they're supposed
to.
Tom Gindin
Kevin Regan <kevinr@valicert.com>@w3.org on 07/12/2000 02:02:51 PM
Sent by: w3c-ietf-xmldsig-request@w3.org
To: Barb Fox <bfox@Exchange.Microsoft.com>
cc: Ken Goldman <kgold@watson.ibm.com>, w3c-ietf-xmldsig@w3.org
Subject: RE: Questions/Comments for the current draft.
Ok, I did not see that the KeyValue was mandatory if a KeyInfo
was present. In this case, it is unambiguous as to what the
authentication key is.
--Kevin
On Wed, 12 Jul 2000, Barb Fox wrote:
> Ken:
>
> Looking at a broad range of applications, the wg decided that KeyInfo
> needed to be optional, but when present, could specify a number of
> different types including X.509 certificates. Further, we made the
> decision that XMLDsig signature verification should not require other
> than XML tools -- which includes ASN.1.
>
> If an application chooses to use an X.509 certificate as the only form
> of KeyInfo supporting a signature, then it probably also presumes that
> all verifiers will be able to process it. That's not a safe bet for many
> small XML-capable devices, which is why we chose KeyValue as mandatory
> to implement if KeyInfo is specified.
>
> --Barbara Fox
> Microsoft
> -----Original Message-----
> From: Ken Goldman [ mailto:kgold@watson.ibm.com
> <mailto:kgold@watson.ibm.com> ]
> Sent: Wednesday, July 12, 2000 7:02 AM
> To: w3c-ietf-xmldsig@w3.org
> Subject: Re: Questions/Comments for the current draft.
>
>
> I agree. My reaction when reading the DSIG specification for the
> first time was "how do I show a certificate chain."
>
> I'd sure like to see a certificate chain explicitely part of DSIG.
> But I've already been told that this is considered "outside DSIG, part
> of the application."
>
> My suspicion is that, in the real world, crypto verification pushed up
> to the application will be crypto verification ignored. The average
> application developer might make an API call to verify a document.
> Once the generic DSIG verifier comes back "true", the program goes on
> "fat, dumb, and happy" not knowing that the signature was verified
> against a forged public key.
>
> The least DSIG KeyInfo could do is explicitly warn the reader. As the
> specification reads now, the goal of flexibility is reached by being
> silent on a very important security issue.
>
> > Date: Tue, 11 Jul 2000 15:26:07 -0700
> > From: Kevin Regan <kevinr@valicert.com>
> >
> > Would it make sense to somehow delineate different chains within the
> > KeyInfo element? Rather than just having a hodgepodge of certificate
> > entries, would it be possible to group them in something like a
> > <X509CertificateChain> element (in the correct order)? As a user
> > (and implementer) of XML Signatures, it would be great to have a
> > well-defined way of representing the certificates/keys/certificate
> > chains that I would use to authenticate the signature. The KeyInfo
> > field is very flexible, but maybe a little less flexibility would go
> > a long way here... :-)
>
> --
> Ken Goldman kgold@watson.ibm.com 914-784-7646
>
>
Received on Wednesday, 12 July 2000 16:53:07 UTC