- From: Hiroshi Maruyama <MARUYAMA@jp.ibm.com>
- Date: Fri, 30 Mar 2001 18:23:50 +0900
- To: xml-encryption@w3.org, <w3c-ietf-xmldsig@w3.org>
- Cc: Andy_Clark/Santa_Teresa/IBM <Andy_Clark/Santa_Teresa/IBM@jp.ibm.com>
One thing that we noticed as problematic when looking at
signature/encryption
is the treatment of xml:lang and xml:space in
C14N, if we use C14N for serialization. C14N requires you to "push" the
nearest
xml:lang and xml:space declarations in the outer context into the C14Ned
form.
For example, canonicalizing the <bar/> element in
<foo xml:lang='JA">
<bar />
</foo>
will yield
<bar xml:lang="JA"/>.
Now, consider a sign-and-then-encrypt scenario for the following document.
<el2sign xml:lang="JA">
<el2enc>secret</el2enc>
</el2sign>
where <el2sign> is signed and then <el2enc> is encrypted. If we use C14N
before encrypting <el2enc>, it will be converted to
<el2enc xml:lang="JA">secret</el2enc>
and consequently, after decryption the signature verifier will see
<el2sign xml:lang="JA">
<el2enc xml:lang="JA">secret</el2enc>
</el2sign>
Unfortunately, C14Ning this will not remove the duplicate xml:lang
declaration
in <el2enc>. Therefore, the signature does not verify.
***
We rather think this is due to lack of consistency in C14N. If C14N
treats "xml:lang in effect" rather than "xml:lang declarations" as
significant, it should remove redundant xml:lang declarations. If C14N
thinks "xml:lang declarations" significant, it should not copy
outer declaration into C14Ned element.
Incidentally, C14N is consistent in treatment of namespace declarations -
it always treats "in-scope namespaces" only and redundant
namespace declarations are removed.
Because C14N is already fixed, I do not think we can use C14N
as serialization of encrypted data. We are trying to define a
serialization
that would preserve the declarations as they appear in the original
document.
Hiroshi
--
Hiroshi Maruyama
Manager, Internet Technology, Tokyo Research Laboratory
+81-46-215-4576
maruyama@jp.ibm.com
From: "Joseph M. Reagle Jr." <reagle@w3.org>@w3.org on 2001/03/30 04:15
Please respond to "Joseph M. Reagle Jr." <reagle@w3.org>
Sent by: xml-encryption-request@w3.org
To: Takeshi Imamura/Japan/IBM@IBMJP
cc: "XML Encryption WG " <xml-encryption@w3.org>, Hiroshi
Maruyama/Japan/IBM@IBMJP
Subject: Re: XML Encryption Data/Processing Model
At 19:33 3/29/2001 +0900, Takeshi Imamura wrote:
>The serialization is not so sensitive if only encryption is performed.
>However, that may not be true if both encryption and signature are
>performed on a document. For example, suppose that a user signs and then
>encrypts a document, where he defines and uses his own serialization which
>does not preserve information set. Another user will fail in verifying
the
>signature because the original document cannot be retrieved. For such
>reason, I think we should define at least a serialization for information
>set.
Very good point, I added that to the text in that section. However, I don't
think the Infoset or DOM data models lack anything required by Canonical
XML. (The part of XPath data model used by Canonical XML is a subset of
both
DOM and Infoset, right?) Even if this is the case (doesn't necessitate the
use of Infoset or DOM), do you have a preference between the two?
__
Joseph Reagle Jr. http://www.w3.org/People/Reagle/
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature
W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Friday, 30 March 2001 04:23:57 UTC