- From: Dournaee, Blake <bdournaee@rsasecurity.com>
- Date: Wed, 25 Jul 2001 15:49:01 -0700
- To: "'John Boyer'" <JBoyer@PureEdge.com>, "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: w3c-ietf-xmldsig@w3.org
John,

Can you think of a possible example? I'm not even sure where this would fit in at this point.

Canonicalization is a very expensive operation for XML Signatures, and if it is left as an acceptable transform without much further explanation I am guessing that it will be used unnecessarily, further slowing down practical implementations.

Blake Dournaee
Toolkit Applications Engineer
RSA Security

"The only thing I know is that I know nothing" - Socrates

-----Original Message-----
From: John Boyer [mailto:JBoyer@PureEdge.com]
Sent: Wednesday, July 25, 2001 3:07 PM
To: Dournaee, Blake; Joseph M. Reagle Jr.
Cc: w3c-ietf-xmldsig@w3.org
Subject: RE: C14N Argument

Hi Blake,

It could be useful, now or in the future, to put another transform after c14n.

John Boyer
Senior Product Architect, Software Development
Internet Commerce System (ICS) Team
PureEdge Solutions Inc.
Trusted Digital Relationships
v: 250-708-8047 f: 250-708-8010
1-888-517-2675 http://www.PureEdge.com

-----Original Message-----
From: Dournaee, Blake [mailto:bdournaee@rsasecurity.com]
Sent: Wednesday, July 25, 2001 1:47 PM
To: 'Joseph M. Reagle Jr.'
Cc: 'w3c-ietf-xmldsig@w3.org'
Subject: C14N Argument

Hello All,

There is something that I have been pondering about XML Signatures. Specifically, the current Candidate Rec allows for the use of Canonical XML as a transform in the "transformation pipeline" above and beyond the use of C14N to convert any node-set to octets.

Consider this Argument:

1. If a Reference is to be processed as "XML" (node-set), it will be canonicalized implicitly when the node-set is converted to octets at the end of the transformation pipeline.
2. If a Reference is to be processed as octets, canonicalization is meaningless, since we don't know what the file format is anyhow.
3. C14N, when used as a part of the transformation pipeline, is redundant.

Is there some exception to my argument here? What is missing?

Kind Regards,

Blake Dournaee
Toolkit Applications Engineer
RSA Security

"The only thing I know is that I know nothing" - Socrates
Received on Wednesday, 25 July 2001 18:45:55 UTC
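
Points 1 and 2 of the argument in the thread above can be checked with a toy model of Reference processing. This is an added example, not code from any participant or from the XML Signature specification. It assumes Python's standard-library `canonicalize` (C14N 2.0) as a stand-in for Canonical XML, SHA-256 as the digest, and hypothetical names `NodeSet`, `to_octets`, `c14n_transform` and `reference_digest`.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample: two serializations of the same XML content.
DOC_A = b'<doc  b="2" a="1"><item >text</item><empty/></doc>'
DOC_B = b'<doc a="1" b="2"><item>text</item><empty></empty></doc>'

class NodeSet:
    """Data still being processed as XML rather than as octets."""
    def __init__(self, xml: str):
        self.xml = xml

def to_octets(data) -> bytes:
    """Implicit step: a node-set is canonicalized when it becomes octets."""
    if isinstance(data, NodeSet):
        return canonicalize(data.xml).encode("utf-8")
    return data

def c14n_transform(data) -> bytes:
    """Explicit c14n transform in the pipeline: canonical octets out."""
    if isinstance(data, bytes):
        data = NodeSet(data.decode("utf-8"))
    return to_octets(data)

def reference_digest(source: bytes, transforms=(), as_xml=True) -> str:
    """Run the transforms, convert the result to octets, and digest it."""
    data = NodeSet(source.decode("utf-8")) if as_xml else source
    for transform in transforms:
        data = transform(data)
    return hashlib.sha256(to_octets(data)).hexdigest()

if __name__ == "__main__":
    # Point 1: the explicit transform does not change the digest of XML data.
    print("XML, no transform :", reference_digest(DOC_A))
    print("XML, explicit c14n:", reference_digest(DOC_A, [c14n_transform]))
    # Point 2: as octets, equivalent serializations digest differently.
    print("octets, DOC_A     :", reference_digest(DOC_A, as_xml=False))
    print("octets, DOC_B     :", reference_digest(DOC_B, as_xml=False))
```
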