Re: Comments on 22 June Version...

From:  "Dournaee, Blake" <bdournaee@rsasecurity.com>
Message-ID:  <E7B6CB80230AD31185AD0008C7EBC4D2DAEE85@exrsa01.rsa.com>
To:  "'Joseph M. Reagle Jr.'" <reagle@w3.org>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc:  w3c-ietf-xmldsig@w3.org, Brian LaMacchia <bal@microsoft.com>
Date:  Tue, 26 Jun 2001 01:19:17 -0700

>Hello All,
>
>I have a comment/question on the latest Dsig Recommendation. In section
>4.3.3.1 (The URI Attribute), the following sentence seems to contradict the
>usage of the "http://www.w3.org/2000/09/xmldsig#Manifest" Type identifier in
>a URI element:
>
>"The Type attribute applies to the item being pointed at, not its contents."
>
>That is, if the above sentence were true, then there should only be a type
>identifier for <Object> (e.g. "http://www.w3.org/2000/09/xmldsig#Object") -
>this is because a <Manifest> element lives inside an <Object> element, so it
>should refer to the type (Object), not the contents (Manifest). This also
>would coincide with the comment in the end of section 4.3.3.1 about the
>proper way to identify a <SignatureProperties> element.

Manifest only has to be inside Object when you have an enveloping
signature, i.e., the Manifest is inside a Signature.  There is no
reason you can't have Manifest or SignatureProperties floating around
elsewhere outside Signature in your document and point to it from a
Reference.

Even if you put Manifest inside Object inside Signature, I don't think
there is any restriction against pointing your Reference directly to
the Manifest.

>Finally, if no explicit validation of the "Type" information is required,
>why even bother putting the restriction there in the first place? It seems
>like a restriction is suggested (which appears to me to be somewhat
>contradictory) and then subsequently nullified by not including a
>well-defined means to enforce the restriction (e.g. Explicitly saying that
>the information will not be validated anyway).

It's a voluntary efficiency measure. Things like SignatureProperties
have no effect on the cryptographic core validation processes, but some
code to check them might want to not bother chasing down a Reference
unless it has a hint there may be SignatureProperties there.  Some
References could be expensive/impossible to de-reference.  Similarly,
since it's an application thing if/when/how you check Manifests, an
application might want to use the Type hint as to whether or not to
see if some Reference is actually to a Manifest...

>Please be sure to set me straight if I am off the wall on any of this! :)
>
>Kind Regards,
>
>Blake Dournaee
>Toolkit Applications Engineer
>RSA Security
>
>"The only thing I know is that I know nothing" - Socrates

Thanks,
Donald

Received on Tuesday, 26 June 2001 07:31:29 UTC
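The distinction drawn above, between the core digest check over the Manifest element that a Reference points at and the application's optional, Type-hinted decision to also validate the Manifest's own References, as an added example that is not part of the thread. It is written against Python's ElementTree; plain element serialization stands in for Canonical XML, an assumed simplification that keeps the focus on the Type-hint logic rather than C14N.

```python
# Added example: a SignedInfo Reference of Type ...#Manifest pointing at a
# Manifest inside an Object. Core validation only digests the Manifest element;
# the Type attribute is a hint the application may use to descend further.
# Assumed simplification: ElementTree serialization stands in for Canonical XML.
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
MANIFEST_TYPE = DS + "Manifest"
ET.register_namespace("ds", DS)

def digest_value(elem):
    """Base64 SHA-1 over the element's serialized bytes (stand-in for C14N + SHA-1)."""
    return base64.b64encode(hashlib.sha1(ET.tostring(elem)).digest()).decode()

def add_reference(parent, uri, target, ref_type=None):
    """Append a ds:Reference to `parent` whose DigestValue covers `target`."""
    ref = ET.SubElement(parent, f"{{{DS}}}Reference", URI=uri)
    if ref_type:
        ref.set("Type", ref_type)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest_value(target)
    return ref

def build_document():
    """Constructed sample: <Data Id="data1"> is signed only indirectly via a Manifest."""
    doc = ET.Element("Document")
    data = ET.SubElement(doc, "Data", Id="data1")
    data.text = "payload"
    sig = ET.SubElement(doc, f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    obj = ET.SubElement(sig, f"{{{DS}}}Object")
    manifest = ET.SubElement(obj, f"{{{DS}}}Manifest", Id="man1")
    add_reference(manifest, "#data1", data)                        # Manifest's own Reference
    add_reference(signed_info, "#man1", manifest, MANIFEST_TYPE)   # SignedInfo -> Manifest
    return doc

def find_by_id(root, uri):
    """Resolve a same-document '#id' URI to the element carrying that Id."""
    return next(el for el in root.iter() if el.get("Id") == uri[1:])

def check_references(root, refs, follow_manifests):
    """Map each Reference URI to whether its digest matches what it points at.
    With follow_manifests, the Type hint decides whether to also check a
    Manifest's References; the hint itself is never validated, only used."""
    results = {}
    for ref in refs:
        uri = ref.get("URI")
        target = find_by_id(root, uri)
        results[uri] = ref.find("ds:DigestValue", NS).text == digest_value(target)
        if follow_manifests and ref.get("Type") == MANIFEST_TYPE:
            results.update(check_references(root, target.findall("ds:Reference", NS), True))
    return results

def signed_info_references(root):
    return root.findall(".//ds:SignedInfo/ds:Reference", NS)

def tamper(root):
    """Alter the payload; the Manifest element, and so the core check, is untouched."""
    find_by_id(root, "#data1").text = "tampered"
```

After tamper(), the core check of "#man1" still passes because only the Manifest element is covered by SignedInfo, while following the Type hint exposes the failed "#data1" digest.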