RE: Canonicalization of <SignedInfo> for Reference Validation from Dournaee, Blake on 2001-07-05 (w3c-ietf-xmldsig@w3.org from July to September 2001)

From: Dournaee, Blake <bdournaee@rsasecurity.com>
Date: Thu, 5 Jul 2001 12:09:52 -0700
To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>
Cc: "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
Message-ID: <E7B6CB80230AD31185AD0008C7EBC4D2DAEEF0@exrsa01.rsa.com>

Joesph,

Thank you for your explanation. It is helping me tremendously!

On a related note, it seems like encoding transforms (such as Base64 or
compression or anything that significantly permutes the input data) would
violate the "See what you sign" rule.

Are there any encoding transforms that are of use that *do not* violate this
in a significant way? It seems like transformations that removed syntactic
elements would be O.K. (like formatting tags, fonts, etc), but anything that
makes it hard for a person to discern (at a later time) that *this* is the
document that was signed would be a problem. 

Am I on the right track here?

Kind Regards,

Blake Dournaee
Toolkit Applications Engineer
RSA Security

"The only thing I know is that I know nothing" - Socrates

-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Thursday, July 05, 2001 11:36 AM
To: Dournaee, Blake
Cc: Dsig (E-mail)
Subject: Re: Canonicalization of <SignedInfo> for Reference Validation

At 14:10 7/5/2001, Dournaee, Blake wrote:
>I've been thinking about Section 3.2.1: Reference Validation and am not
>quite convinced that there is a real security reason for canonicalizing
><SignedInfo> for Reference Validation.

Hi Blake,

You're right, for Canonical XML there isn't much of a reason. *But* since
other canonicalizations can be used, in order to satisfy the "see what you
sign" (and its sister maxims) you should reference validate (see) what was
signed (canonical form.) An area where this might be important is where a
canonicalization algorithm rewrote URIs. Even something as innocuous as
absolutizing relative URIs (which was a point of debate with respect to
namespaces) could change what it is your signing.

Canonical XML doesn't make any such changes, and one could optimize
appropriately, but since the specification is generally written from an
algorithm independent point of view it includes that processing/warning.

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 5 July 2001 15:10:05 UTC