Re: signature portability / C14N / inherited namespaces

Hi,

While it may be true that many apps will not need to move signatures
from context to context, many may (unwittingly) do so. For example,
when transporting signed documents over SOAP to remote Web services.

I think an editors' note should explicitly state that, in situations
like this, signatures must either be computed in their final context,
or they must be separated from any new context before verification.

I'd also like to establish whether the latter is even possible.
Because if it is not, then the editors' note should recommend that
signatures _must_ be computed in their final context.

I know this is just pedantic and is abundantly clear to us, but I've
already encountered interop problems as a result of this, so I'd
like to see it made explicit in our spec.

Take the following signature containing an embedded SOAP envelope:

<Signature xmlns="&dsig;">
  ... <soap:Envelope xmlns:soap="&soap;">...</soap:Envelope> ...
</Signature>

Embed it in a SOAP envelope for transport to a Web service:

<soap:Envelope xmlns:soap="&soap;">
  ... <Signature xmlns="&dsig;">
    ... <soap:Envelope xmlns:soap="&soap;">...</soap:Envelope> ...
  </Signature> ...
</soap:Envelope>

According to XPath, this is identical to:

<soap:Envelope xmlns:soap="&soap;">
  ... <Signature xmlns="&dsig;">
    ... <soap:Envelope>...</soap:Envelope> ...
  </Signature> ...
</soap:Envelope>

I'm not sure that an XML parser is required to distinguish
between these two documents. If it is not, then there is
no way to extract this signature from its new context. In
this case, we should make this clear to potential users of
dsig.

Merlin
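[Added illustration, not part of Merlin's or John's messages and not code from the xmldsig spec or any W3C project.] The following Python script is a toy canonicalizer that makes the namespace-context problem above concrete. It builds the three listings from the mail as real strings (the dsig and SOAP 1.1 namespace URIs stand in for the `&dsig;` and `&soap;` entity references; the `tx` prefix, its URI, the `tx:route` attribute and the "order 42" payload are constructed), then digests the embedded `soap:Envelope` two ways. In the inclusive mode (the rule of Canonical XML 1.0: emit every namespace on the XPath namespace axis of the apex element) the digest changes as soon as the transport envelope puts one more declaration in scope, and the second and third listings produce identical bytes, which is exactly why a data-model-based parser cannot tell them apart. In the exclusive mode (the rule of Exclusive XML Canonicalization, a later W3C Recommendation that only emits prefixes an element visibly uses) all three contexts digest identically. The canonicalizer is simplified (no comment handling, no `xml:` attribute inheritance, no character-set edge cases) and is the script's own, not a library API.

```python
"""Toy canonicalizer: why a signed subtree's digest can change when it is
moved into a new namespace context (added example, constructed inputs)."""
import hashlib
from xml.dom import minidom

DSIG = "http://www.w3.org/2000/09/xmldsig#"         # stands in for &dsig;
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # stands in for &soap;
TX = "urn:example:transport"                         # constructed, not from the mail


def signed_content(redeclare_soap=True):
    """The embedded envelope that a <Reference> digests (constructed payload)."""
    decl = f' xmlns:soap="{SOAP}"' if redeclare_soap else ""
    return f"<soap:Envelope{decl}><soap:Body>order 42</soap:Body></soap:Envelope>"


def signature(redeclare_soap=True):
    return (f'<Signature xmlns="{DSIG}"><Object Id="payload">'
            f"{signed_content(redeclare_soap)}</Object></Signature>")


def transported(redeclare_soap=True):
    """The signature embedded in a transport envelope that declares one extra
    prefix (tx); under XPath that declaration is in scope for the payload too."""
    return (f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:tx="{TX}">'
            f'<soap:Body tx:route="svc">{signature(redeclare_soap)}</soap:Body>'
            "</soap:Envelope>")


ORIGINAL = signature()                    # context the signature was computed in
TRANSPORT = transported()                 # the mail's second listing
TRANSPORT_NO_REDECL = transported(False)  # the mail's third listing


def _is_ns_decl(name):
    return name == "xmlns" or name.startswith("xmlns:")


def _decls_on(elem):
    """Namespace declarations written on this element alone: {prefix: uri}."""
    return {("" if n == "xmlns" else n[6:]): v
            for n, v in elem.attributes.items() if _is_ns_decl(n)}


def in_scope_namespaces(elem):
    """What the XPath namespace axis shows at elem: its own declarations plus
    every declaration inherited from an ancestor (the nearest one wins)."""
    chain, node = [], elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        chain.append(node)
        node = node.parentNode
    scope = {}
    for ancestor in reversed(chain):
        scope.update(_decls_on(ancestor))
    return scope


def _visibly_used(elem):
    """Prefixes the element itself uses in its own name or attribute names."""
    used = {elem.prefix or ""}
    for n in elem.attributes.keys():
        if not _is_ns_decl(n) and ":" in n:
            used.add(n.split(":", 1)[0])
    return used


def _esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;")
    return s.replace('"', "&quot;") if attr else s.replace(">", "&gt;")


def canonicalize(elem, exclusive=False, _rendered=None):
    """Simplified canonical serialization of elem and its subtree.
    exclusive=False: emit every in-scope namespace not already rendered by an
      output ancestor (Canonical XML 1.0 behaviour).
    exclusive=True: emit only prefixes the element visibly uses (Exclusive
      XML Canonicalization behaviour)."""
    rendered = {} if _rendered is None else _rendered
    scope = in_scope_namespaces(elem)
    wanted = ({p: u for p, u in scope.items() if p in _visibly_used(elem)}
              if exclusive else scope)
    emit = {p: u for p, u in wanted.items() if rendered.get(p) != u}
    attrs = [f' xmlns="{_esc(emit[p], True)}"' if p == ""
             else f' xmlns:{p}="{_esc(emit[p], True)}"' for p in sorted(emit)]
    attrs += [f' {n}="{_esc(v, True)}"' for n, v in sorted(elem.attributes.items())
              if not _is_ns_decl(n)]
    out = [f"<{elem.tagName}{''.join(attrs)}>"]
    child_rendered = {**rendered, **emit}
    for child in elem.childNodes:
        if child.nodeType == child.ELEMENT_NODE:
            out.append(canonicalize(child, exclusive, child_rendered))
        elif child.nodeType == child.TEXT_NODE:
            out.append(_esc(child.data))
    out.append(f"</{elem.tagName}>")
    return "".join(out)


def signed_element(doc_xml):
    """The subtree the Reference covers: the envelope inside <Object>."""
    return minidom.parseString(doc_xml).getElementsByTagName("Object")[0].firstChild


def digest(doc_xml, exclusive=False):
    canon = canonicalize(signed_element(doc_xml), exclusive).encode("utf-8")
    return hashlib.sha256(canon).hexdigest()


if __name__ == "__main__":
    for name, doc in [("original", ORIGINAL), ("transport", TRANSPORT),
                      ("transport, soap not redeclared", TRANSPORT_NO_REDECL)]:
        print(f"{name:31} inclusive={digest(doc)[:12]}  exclusive={digest(doc, True)[:12]}")
```

Run as a script it prints the three digests per mode; the inclusive column differs between the original and transport contexts while the two transport variants agree, and the exclusive column is the same across all three. The practical reading for a verifier is the one the mail asks for: with inclusive canonicalization, either compute the signature in its final context, or strip the signature from the transport context before verification and accept that the inner `xmlns:soap` redeclaration may not survive that extraction.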

r/JBoyer@PureEdge.com/2001.05.17/09:03:01
>
>
>Hi Joseph,
>
><joseph>
>If we expect interoperability over such ported signatures, should we amend
>the spec with any text to this end?
></joseph>
>
>A lot of applications won't need to remove a signature from its original
>location, but it could be useful to add an editors' note to say that
>moving such signatures to a different context can break a signature due
>to a change of namespace context, and perhaps that this is necessary due
>to the impossibility of assessing the namespaces in use by the signed
>content.
>
>John Boyer
>Senior Product Architect, Software Development
>Internet Commerce System (ICS) Team
>PureEdge Solutions Inc. 
>Trusted Digital Relationships
>v: 250-708-8047  f: 250-708-8010
>1-888-517-2675   http://www.PureEdge.com
>



Received on Friday, 18 May 2001 06:46:24 UTC