- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 28 Jul 2000 14:45:08 -0400
- To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>

In light of our recommending {Only What is "Seen" Should be Signed} AND {"See" What is Signed} I have a question now that we have some more implementation experience. When the document [1] below is signed, what is Signed? If a PI references a style sheet, this could change the meaning of the document being signed, is this change also signed?

1. If the document has Canonical XML applied, is the Infoset available through DOM/SAX that of the example XML instance with a PI Infoset node, or the resulting (transformed) instance? If the infoset includes the changes, we can easily satisfy the security requirements above by recommending canonicalization.

2. Otherwise, we'd have to recommend that 'http://foo.example.com/bar.xslt' also be included in a Signature Reference if we want to get bit by having foo.example.com changing the stylesheet to affect the result after the signature.

[1] Example (where bar.xslt changes the total amount value)

    <?xml-stylesheet type="text/xml" href="http://foo.example.com/bar.xslt"?>
    <html xsl:version="1.0"
          xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
          xmlns="http://www.w3.org/TR/xhtml1/strict">
      <head>
        <title>Expense Report Summary</title>
      </head>
      <body>
        <p>Total Amount: 5</p>
      </body>
    </html>

_________________________________________________________
Joseph Reagle Jr.
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/

Received on Friday, 28 July 2000 14:45:22 UTC
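
The two options in the message above, as an added example that is not part of the original message or of any XML-DSig implementation: it shows that a canonical form of the instance carries the stylesheet PI as a literal node with the untransformed content, and checks whether each stylesheet href is named by a Signature Reference. Assumptions: Python's standard library canonicalizer implements C14N 2.0 rather than the Canonical XML the message refers to (both keep PI nodes and neither applies a stylesheet), and `make_doc`, `canonical_view`, `stylesheet_hrefs`, `uncovered_stylesheets` and the skeletal `ds:Signature` are constructed for illustration.

```python
import re
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
HREF = "http://foo.example.com/bar.xslt"  # stylesheet href from the message's example

def make_doc(reference_uris):
    """Constructed sample: the message's document plus a skeletal ds:Signature."""
    refs = "".join(f'<ds:Reference URI="{u}"/>' for u in reference_uris)
    return (
        f'<?xml-stylesheet type="text/xml" href="{HREF}"?>'
        '<html xsl:version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"'
        ' xmlns="http://www.w3.org/TR/xhtml1/strict">'
        '<head><title>Expense Report Summary</title></head>'
        '<body><p>Total Amount: 5</p>'
        f'<ds:Signature xmlns:ds="{DSIG_NS}"><ds:SignedInfo>{refs}</ds:SignedInfo>'
        '</ds:Signature></body></html>'
    )

def canonical_view(xml_text):
    """Canonical form of the instance as parsed; no stylesheet is fetched or applied."""
    return canonicalize(xml_text)

def stylesheet_hrefs(doc):
    """href pseudo-attributes of xml-stylesheet PIs in the document prolog."""
    hrefs = []
    for node in doc.childNodes:
        if node.nodeType == node.PROCESSING_INSTRUCTION_NODE and node.target == "xml-stylesheet":
            match = re.search(r"""\bhref\s*=\s*(["'])(.*?)\1""", node.data)
            if match:
                hrefs.append(match.group(2))
    return hrefs

def uncovered_stylesheets(xml_text):
    """Stylesheets the document points at that no ds:Reference URI names (exact string match)."""
    doc = minidom.parseString(xml_text)
    signed = {ref.getAttribute("URI") for ref in doc.getElementsByTagNameNS(DSIG_NS, "Reference")}
    return [href for href in stylesheet_hrefs(doc) if href not in signed]

if __name__ == "__main__":
    print(canonical_view(make_doc([""])))
    print("not covered:", uncovered_stylesheets(make_doc([""])))
    print("not covered:", uncovered_stylesheets(make_doc(["", HREF])))
```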