Misleading sentence in 3.2.1 Reference Validation from Christian Geuer-Pollmann on 2001-10-16 (w3c-ietf-xmldsig@w3.org from October to December 2001)

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Tue, 16 Oct 2001 08:39:41 +0200
To: reagle@w3.org
Cc: w3c-ietf-xmldsig@w3.org
Message-id: <2494201376.1003221581@pinkpanther>

Hi Joseph,
hi all,

I know that we shouldn't apply big changes to the XML Signature spec to get 
it come fast through the standards process. But I think there's a sentence 
in the spec that probably adds confusion. The thread [1] also shows this.

In section 3.2.1 Reference Validation, the first bulleted item says:

   "Canonicalize the SignedInfo element based on the
    CanonicalizationMethod in SignedInfo."

After that, we don't say anything about what appens with these octets. Then 
we process the references. I think that we should delete this sentence, 
because

1: we don't give a guideline what to do with the bytes
2: AFAIK it does not make sense at this place
3: c14n of ds:SignedInfo is done in 3.2.2 Signature Validation, second step.

In my implementation, I tried to interpret the sentence in question the 
following way: When I am asked to verify a ds:Signature, I work on a DOM 
structure. I canonicalize ds:SignedInfo, reparse it into a new document and 
replace the original not-canonicalized ds:SignedInfo by the re-parsed 
canonicalized one.

From implementations point of view, this is complicated and error-prone and 
did not word very safe _AND_ I didn't heard that any of the other 
implementations makes something like this.

So why do we have such a sentence of canonicalizing prior ro reference 
validation? The only reason that would make sense would be a security 
problem that would arise if I process an not-c14nized SignedInfo, e.g. if 
an attacker can modify the AlgorithmURI of a Signature method or other 
things that would semantically change the SignedInfo. But I don't see 
changes would make sense and would not break the reference processing.

So my vote is: could we please delete this sentence and change the section 
to:

--------------------
3.2.1 Reference Validation

1: For each Reference in SignedInfo:

2. Obtain the data object to be digested.
   (For example, the signature application
   may dereference the URI and execute Transforms
   provided .......
--------------------

Christian

[1] 
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0026.html
 
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0030.html

Received on Tuesday, 16 October 2001 02:37:27 UTC