Re: SHOULD / MUST see what was signed

At 14:12 8/4/2000 -0400, Don Davis wrote:
> > a signed document's human-interpretable representation
> > must have three essential properties:
> >        *  "see what's signed:" ...
> >        *  portability:  ...
> >        *  stability:  ...

At 05:11 PM 8/8/00 -0700, Joseph M. Reagle Jr. replied:
>I think these properties are important and belong in signature legislation
>and/or application policies when they define the context of their
>application.

while i accept that the XML-Sig spec cannot enforce these properties,
i suggest that some yet-to-be-defined XML layer will have to do so.
it's not sufficient for legislation and applications to take care of this,
because it's XML's richness that makes human-readable XML signatures
complicated.  i'm particularly concerned that application vendors, lacking
a higher-level "XML signed-doc't" specification that helps them navigate
these waters, will find secure but nonstandard ways to prepare signatures
for complicated XML documents.  then, those vendors and their customers
will get left out in the cold, when a higher-level signature standard for XML
becomes complete.

> it is possible that the specification isn't doing as good a job as it
> could be of communicating that direction to others ... 
> I think it would be a good idea to perhaps include a sentence right up
> front (maybe in the introduction) stating our intent: that this specification
> provides a necessary but not sufficient nor complete
> component of using XML to communicate legally binding semantics
> between users, with a reference to section 8: Security Considerations.
>...
> what do people think of a paragraph along the lines of the one
> added [2] below:
>
>[2] http://www.w3.org/TR/2000/WD-xmldsig-core-20000711/#sec-Introduction
>
>1.0 Introduction
>...
>/+This specification defines a method of associating a key with referenced
>data (octets); it does not normatively specify how keys are associated with
>persons or institutions, nor the meaning of the data being referenced and
>signed. Consequently, while this specification is an important component of
>secure XML applications, it itself is not sufficient to address all
>application security/trust concerns, particularly with respect to using
>signed XML (or other data formats!) as a basis of human-to-human
>communication and agreement. Such an application must specify additional
>key, algorithm, processing and rendering requirements. For further
>information, please see Section 8: Security Considerations. +/


i'd be glad to see these sentences added to the spec.  

								- don davis, boston





Received on Wednesday, 16 August 2000 14:46:50 UTC