RE: Poll on Exclusive Canonicalization

> Right. As soon as you do the simplest thing, like wrapping one level
> of element around a signature or around an element with a signature as
> a descendent or around an element signed by a detached signature or
> removing one level of element around a signature or around an element
> with a signature or xml signed by a detached signature as a
> descendent, interoperability breaks, if namespaces are involved.
> 
> >Rather than mess with the 'mandatory' status we should 
> recognize that the
> >specification cannot mandate support for a specific canonicalization
> >algorithm and it is entirely wrong and unjustified to do so. 
> 
> Why? Wouldn't your argument apply equally well to the DER
> canonicalization of ASN.1? It's really a serialization of ASN.1 just
> like "CanonicalXML" is a serialization of XML. 

Actually, no, the DER canonicalization of ASN.1 is not actually part
of the ASN.1 spec, it is 'specified' in a ten line side note in the
X.509v1 spec.

DER canonicalization of ASN.1 is probably the single biggest reason
for the complexity of X.509 implementations. It is based on a premise
that is entirely wrong, X.509 certificates are not broken apart for
inclusion in the directory in any working commercial implementation.

DER canonicalization is for losers and the idea it embodies is. It
does not work, never has and never will. It adds 6 months to the
development of X.509 implementations and does nothing but subtract
value.


The purpose canonicalization in XML is entirely different, it allows 
the XML Signature engine to sit at a higher level in the XML stack
and process the DOM parse tree rather than the raw bytestream.


> Was it a mistake to standardize DER? 

Yes, total, complete and collosal. It was an utter failure.

X.509 (the spec in which DER is specified) would work much
better without it.


> Should interoperability of ASN.1 encoded signatures
> have been entirely an application/protocol responsibility so that for
> each protocol you would have had to figure out a
> canonicalization/serialization?

The only data structure to which DER encoding is generally applied 
is X.509. I am not aware of any X.509 implementation that relies on
the DER encoding being correct - which is just as well since most
of the imlementations are actually faulty. Very few certificates
actually have the SET OF constructions sorted into order.


> If canonicalization is required, as it clearly is for SignedInfo for
> XML applications, if there is no required C14N, there is no
> interoperability. 

There will be no interoperability in any case since what is specified
now DOES NOT WORK.

Case in point we have been doing interop tests with another vendor
and the failure of the C14N spec to provide for interoperability is
the holdup.


> In that case, I would question whether we have
> something that would qualify as an IETF standard anymore. Certainly
> you no longer have anything where you can expect implementations to
> interoperate.

The interoperability of XML Signature is irrelevant, the interoperability
of systems built on top of XML Signature is the only relevant issue.

No SOAP like system is going to be able to specify the current C14N,
ergo they will specify something else. Ergo whatever MUST you include
in the specification has no effect on the specifications that matter.


		Phill 

Received on Wednesday, 20 June 2001 10:26:04 UTC