Re: Canonicalization of <SignedInfo> for Reference Validation

At 14:10 7/5/2001, Dournaee, Blake wrote:
>I've been thinking about Section 3.2.1: Reference Validation and am not
>quite convinced that there is a real security reason for canonicalizing
><SignedInfo> for Reference Validation.

Hi Blake,

You're right, for Canonical XML there isn't much of a reason. *But* since 
other canonicalizations can be used, in order to satisfy the "see what you 
sign" (and its sister maxims) you should reference validate (see) what was 
signed (canonical form.) An area where this might be important is where a 
canonicalization algorithm rewrote URIs. Even something as innocuous as 
absolutizing relative URIs (which was a point of debate with respect to 
namespaces) could change what it is you're signing.

Canonical XML doesn't make any such changes, and one could optimize 
appropriately, but since the specification is generally written from an 
algorithm independent point of view it includes that processing/warning.


--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 5 July 2001 14:35:44 UTC
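The point in the reply above, shown as an added example (not code from the thread or from the XML-Signature working group): a Reference Validation routine that canonicalizes <SignedInfo> before dereferencing its Reference URIs, run under a Canonical XML stand-in (which leaves URI values alone) and under a hypothetical canonicalization that absolutizes relative URIs. All URIs, base URI, content bytes and the absolutizing algorithm are constructed for the example; `xml.etree.ElementTree.canonicalize` (Python 3.8+) is used as the syntactic canonicalizer.

```python
"""Reference Validation over canonical vs. raw <SignedInfo>.

Added example, not from the original thread. Everything below is
constructed: the base URI, the referenced content, and the "absolutizing"
canonicalization (a hypothetical algorithm that rewrites relative URIs).
"""
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)

BASE_URI = "http://example.invalid/base/"          # constructed signer base
ABS_URI = "http://example.invalid/base/docs/a.xml"  # what the signer digested

# Constructed: content the signer actually digested (keyed by absolute URI).
SIGNED_CONTENT = {ABS_URI: b"<a>signed by the signer</a>"}
# Constructed: what a verifier fetches for the *raw* relative URI, resolved
# against its own location rather than the signer's base.
VERIFIER_LOCAL = {"docs/a.xml": b"<a>something else entirely</a>"}
RESOLVER = {**SIGNED_CONTENT, **VERIFIER_LOCAL}


def sha1_b64(data: bytes) -> str:
    # SHA-1 matches the DigestMethod of the 2001 spec; constructed here.
    return base64.b64encode(hashlib.sha1(data).digest()).decode()


def make_signed_info(uri: str, digest: str) -> str:
    """Constructed <SignedInfo> with a single <Reference>."""
    return (
        f'<ds:SignedInfo xmlns:ds="{DS}">'
        f'<ds:Reference URI="{uri}">'
        f"<ds:DigestValue>{digest}</ds:DigestValue>"
        "</ds:Reference></ds:SignedInfo>"
    )


# The signer digested the content at the absolute URI but emitted the
# relative URI in the (non-canonical) SignedInfo it transmitted.
SIGNED_INFO = make_signed_info("docs/a.xml", sha1_b64(SIGNED_CONTENT[ABS_URI]))


def c14n_canonical_xml(xml_text: str) -> str:
    """Stand-in for Canonical XML: normalizes syntax, never rewrites URIs."""
    return ET.canonicalize(xml_text)


def c14n_absolutizing(xml_text: str, base: str = BASE_URI) -> str:
    """Hypothetical canonicalization that absolutizes relative Reference URIs."""
    root = ET.fromstring(xml_text)
    for ref in root.iter(f"{{{DS}}}Reference"):
        ref.set("URI", urljoin(base, ref.get("URI")))
    return ET.canonicalize(ET.tostring(root, encoding="unicode"))


def reference_uris(signed_info: str) -> list:
    root = ET.fromstring(signed_info)
    return [r.get("URI") for r in root.iter(f"{{{DS}}}Reference")]


def uris_changed_by(c14n, signed_info: str) -> bool:
    """True if the canonicalization rewrites any Reference URI (the case
    where validating the raw form would 'see' something different)."""
    return reference_uris(c14n(signed_info)) != reference_uris(signed_info)


def validate_references(signed_info: str, c14n, resolver=RESOLVER) -> bool:
    """Reference Validation as the spec describes it: canonicalize SignedInfo
    first, then dereference each Reference URI and compare its DigestValue."""
    canonical = c14n(signed_info)
    root = ET.fromstring(canonical)
    for ref in root.iter(f"{{{DS}}}Reference"):
        data = resolver.get(ref.get("URI"))
        if data is None:
            return False
        if sha1_b64(data) != ref.find(f"{{{DS}}}DigestValue").text:
            return False
    return True


if __name__ == "__main__":
    print("Canonical XML rewrites URIs:", uris_changed_by(c14n_canonical_xml, SIGNED_INFO))
    print("absolutizing c14n rewrites URIs:", uris_changed_by(c14n_absolutizing, SIGNED_INFO))
    print("validate over canonical form:", validate_references(SIGNED_INFO, c14n_absolutizing))
    print("validate over raw form:      ", validate_references(SIGNED_INFO, lambda s: s))
```

Under the Canonical XML stand-in the Reference URIs are identical before and after canonicalization, which is the case where the reply says one could optimize the step away. Under the absolutizing algorithm the raw and canonical forms point at different resources: validating over the canonical form checks the document the signer digested, while validating over the raw form dereferences a different one and fails (or, with an attacker-chosen local file, could pass for content that was never signed).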