RE: Poll on Exclusive Canonicalization from John Boyer on 2001-06-20 (w3c-ietf-xmldsig@w3.org from April to June 2001)

From: John Boyer <JBoyer@PureEdge.com>
Date: Wed, 20 Jun 2001 11:40:16 -0700
To: "Phil Griffin" <phil.griffin@asn-1.com>, "Phillip Hallam-Baker" <pbaker@verisign.com>
Cc: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <7874BFCCD289A645B5CE3935769F0B520C33F4@tigger.PureEdge.com>

An alternate subject might be "You must, in some sense, be kidding" or
"Exclusive Canonicalization:  A trivial problem", which is actually the
title of my next email.

Some of these statements about XML C14N would be funny were it not for
the annoying penchant for their authors to be only in partial command of
the facts.

Phil Hallam-Baker: "C14N algorithm does not satisfy the requirement that
nodes be signable individually and independently."

John: Absolutely wrong. Firstly, please read the XMLDSig requirements,
as this is not one of them.  Secondly, C14N takes a node-set!!!  ANY
subset of the document can be canonicalized.  The problem is  that
XMLDSig specifies no way to do an XPath on SignedInfo.  If such were
done, any unwanted namespace nodes could be omitted from the canonical
form.

Phil Hallam-Baker: "There will be no interoperability in any case since
what is specified
now DOES NOT WORK.  Case in point we have been doing interop tests with
another vendor
and the failure of the C14N spec to provide for interoperability is the
holdup."

John: Again, the C14N spec allows the signature of any subset of a
document.  You have confused a shortcoming of C14N with a shortcoming of
XMLDSig.  Moreover, even with the current XML DSig design, it is
possible to sign protocol messages.  The fact that some are not able to
resolve conflicts between their protocol message design and the design
of XML DSig does not result in the conclusion that C14N is deficient.

Phil Griffin: "... converting arbitrary ASN.1 encodings into the DER
canonical form. C14N does not seem capable of doing that to an arbitrary
XML document."

John: Aside from a few exceptional cases **that are documented in the
spec and have nothing to do with the current thread**, this is
absolutely incorrect.  The problem is that some are taking an XML
document subset out of one context and dumping its representative text
into some other context, which actually changes to a *different*
document subset and therefore breaks the signature.  

The current discord is not because c14n doesn't canonicalize XML but
rather because it does so all too well, thereby preventing them from
breaking a document in ways that *they know* have no effect but which
are difficult or impossible to completely assess without knowledge
beyond that which can be obtained purely from the XML vantage point.

===========================

I'm tiring of this exercise, so I won't make any other choice selections
from the recent literature.

John Boyer
Senior Product Architect, Software Development
Internet Commerce System (ICS) Team
PureEdge Solutions Inc. 
Trusted Digital Relationships
v: 250-708-8047  f: 250-708-8010
1-888-517-2675   http://www.PureEdge.com <http://www.pureedge.com/>

Received on Wednesday, 20 June 2001 14:40:37 UTC