- From: Phillip Hallam-Baker <pbaker@verisign.com>
- Date: Wed, 20 Jun 2001 07:25:42 -0700
- To: "'Donald E. Eastlake 3rd'" <dee3@torque.pothole.com>, Phillip Hallam-Baker <pbaker@verisign.com>
- Cc: w3c-ietf-xmldsig@w3.org
- Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40154C9A2@vhqpostal.verisign.com>
> Right. As soon as you do the simplest thing, like wrapping one level > of element around a signature or around an element with a signature as > a descendent or around an element signed by a detached signature or > removing one level of element around a signature or around an element > with a signature or xml signed by a detached signature as a > descendent, interoperability breaks, if namespaces are involved. > > >Rather than mess with the 'mandatory' status we should > recognize that the > >specification cannot mandate support for a specific canonicalization > >algorithm and it is entirely wrong and unjustified to do so. > > Why? Wouldn't your argument apply equally well to the DER > canonicalization of ASN.1? It's really a serialization of ASN.1 just > like "CanonicalXML" is a serialization of XML. Actually, no, the DER canonicalization of ASN.1 is not actually part of the ASN.1 spec, it is 'specified' in a ten line side note in the X.509v1 spec. DER canonicalization of ASN.1 is probably the single biggest reason for the complexity of X.509 implementations. It is based on a premise that is entirely wrong, X.509 certificates are not broken apart for inclusion in the directory in any working commercial implementation. DER canonicalization is for losers and the idea it embodies is. It does not work, never has and never will. It adds 6 months to the development of X.509 implementations and does nothing but subtract value. The purpose canonicalization in XML is entirely different, it allows the XML Signature engine to sit at a higher level in the XML stack and process the DOM parse tree rather than the raw bytestream. > Was it a mistake to standardize DER? Yes, total, complete and collosal. It was an utter failure. X.509 (the spec in which DER is specified) would work much better without it. > Should interoperability of ASN.1 encoded signatures > have been entirely an application/protocol responsibility so that for > each protocol you would have had to figure out a > canonicalization/serialization? The only data structure to which DER encoding is generally applied is X.509. I am not aware of any X.509 implementation that relies on the DER encoding being correct - which is just as well since most of the imlementations are actually faulty. Very few certificates actually have the SET OF constructions sorted into order. > If canonicalization is required, as it clearly is for SignedInfo for > XML applications, if there is no required C14N, there is no > interoperability. There will be no interoperability in any case since what is specified now DOES NOT WORK. Case in point we have been doing interop tests with another vendor and the failure of the C14N spec to provide for interoperability is the holdup. > In that case, I would question whether we have > something that would qualify as an IETF standard anymore. Certainly > you no longer have anything where you can expect implementations to > interoperate. The interoperability of XML Signature is irrelevant, the interoperability of systems built on top of XML Signature is the only relevant issue. No SOAP like system is going to be able to specify the current C14N, ergo they will specify something else. Ergo whatever MUST you include in the specification has no effect on the specifications that matter. Phill
Attachments
- application/octet-stream attachment: Phillip_Hallam-Baker__E-mail_.vcf
Received on Wednesday, 20 June 2001 10:26:04 UTC