RE: Poll: Limiting KeyValue to a single Instance? from Joseph M. Reagle Jr. on 2001-02-24 (w3c-ietf-xmldsig@w3.org from January to March 2001)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 23 Feb 2001 19:39:11 -0500
To: Brian LaMacchia <bal@microsoft.com>
Cc: Blair Dillaway <blaird@microsoft.com>, "'Carl Ellison'" <cme@acm.org>, "'TAMURA Kent'" <kent@trl.ibm.co.jp>, "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>, "'kent@trl.ibm.co.jp'" <kent@trl.ibm.co.jp>, "'cwallace@erols.com'" <cwallace@erols.com>
Message-Id: <4.3.2.7.2.20010223191851.02b6ed10@rpcp.mit.edu>

As an exercise, I just quickly went through the Editor's [1] copy and 
highlighted (<span class=".discuss"/>) those portions of the text that state 
that "Multiple declarations within KeyInfo refer to the same key" so as to 
have a sense of what we would have to loosen *if* we decided to loose that 
semantic.

There's been two semantics of KeyInfo we've been discussing. First, this 
issue of whether all the information in a KeyInfo pertains to a single key. 
Second, whether the key is for signature validation.

On the first question, as the requirements stated this WG was only doing 
simple signature validation, we were obviously and exclusively concerned 
with providing information to find the key to do the job. Other information 
might be provided (particularly in the X509 structures) for trust decisions 
but that was out of scope and concern for this spec. So we defined the 
semantic between the children of KeyInfo and their parent as "properties" of 
a single key. (The counter argument is that this semantic should merely be 
one of a bag or collection of key stuff with no particular relation between 
themselves or their parent.) People that use our KeyInfo structure need to 
understand and will take advantage of the semantic we define between KeyInfo 
and its children, so we need to get that straight.

On the second question, clearly the intent of KeyInfo as a child of 
Signature is for signature validation. If it's a child of some other element 
(like EncryptedData) its intent is defined by its parent (EncryptedData). So 
I'm not worried about that, or needing to reconsider prose in KeyInfo about 
"signature validation."

So to return to the first question, I'll ask you folks a question:

1. Who wants to take advantage of the "singular key semantic" whereby:
   <KeyInfo><KeyName>joe</KeyName><KeyValue>123</KeyValue></KeyInfo>
Means "there is some key with KeyName=joe and KeyValue=123."?

2. Who wants to take advantage of the "generic key semantic" whereby the 
same structure above merely means "here's some information about keys."?

Regardless of this question, my present inclination from a stable/editorial 
point of view is not to have to go through the spec tweaking this 
substantive text though I certainly appreciate the scenario for option 2. 
But let's here what people have to say!

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 23 February 2001 19:41:03 UTC