- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 05 Jul 2001 14:35:40 -0400
- To: "Dournaee, Blake" <bdournaee@rsasecurity.com>
- Cc: "Dsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
At 14:10 7/5/2001, Dournaee, Blake wrote: >I've been thinking about Section 3.2.1: Reference Validation and am not >quite convinced that there is a real security reason for canonicalizing ><SignedInfo> for Reference Validation. Hi Blake, You're right, for Canonical XML there isn't much of a reason. *But* since other canonicalizations can be used, in order to satisfy the "see what you sign" (and its sister maxims) you should reference validate (see) what was signed (canonical form.) An area where this might be important is where a canonicalization algorithm rewrote URIs. Even something as innocuous as absolutizing relative URIs (which was a point of debate with respect to namespaces) could change what it is your signing. Canonical XML doesn't make any such changes, and one could optimize appropriately, but since the specification is generally written from an algorithm independent point of view it includes that processing/warning. -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Thursday, 5 July 2001 14:35:44 UTC