Re: Processing model for ds:Reference/@Type from Christian Geuer-Pollmann on 2001-10-18 (w3c-ietf-xmldsig@w3.org from October to December 2001)

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Thu, 18 Oct 2001 09:41:33 +0200
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Cc: w3c-ietf-xmldsig@w3.org
Message-id: <2670713731.1003398093@pinkpanther>

Hi Donald,

I understood that processing of Manifests or referenced References is up to 
the implementation. I only wanted to hear about what other implementors do. 
There could be multiple scenarios:

- Only make core validation as described in the
  spec (we don't follow Manifests)
- validate all referenced Manifests
- validate all referenced Manifests if they reside
  in the same document where the Signature was
- validate all referenced Manifests and References
- validate all referenced Manifests and References
  if they reside in the same document where the
  Signature was
- validate all referenced Manifest till a given depth
  (if a SignedInfo/Reference points to a Manifest
  which points to a Manifest which points to a Manifest
  which points to a Manifest, only go e.g. 2 leveles deep)

You can extend this to an arbitrary amount of different "flavours" in 
Signature validation processing rules. Basically, I see these:

- validate everything regardless of the depth
- validate till a user-supplied depth.

I know, this is application specific and that we don't mention it in the 
spec. I only wanted to hear what other implementors did and/or what users 
wish.

Christian

--On Mittwoch, 17. Oktober 2001 20:55 -0400 "Donald E. Eastlake 3rd" 
<dee3@torque.pothole.com> wrote:

> Hi,
>
> Whether to process Manifests, what to do if one or more items in the
> Manifest fails Reference validation, whether to chase down Manifests
> pointed to by Manifests, etc., is all application dependent.  It would
> be reasonable, in my opinion, for an application to only process
> Manifests where the Reference has a Manifest type attribute, in which
> case you would need to generate signatures where the Reference URI
> points directly at the Manifest (rather than, say, an encompassing
> Object) and specify the Manifest type, if you want that Manifest
> checked. But applications are not required to behave in this way.
>
> Donald
>
> From:  Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
> Date:  Tue, 09 Oct 2001 19:12:45 +0200
> To:  w3c-ietf-xmldsig@w3.org
> Message-ID:  <1927385181.1002654765@pinkpanther>
>
>> Hi all,
>>
>> The Type attribute of a ds:Reference can contain the Type of a Reference
>> like
>>
>> Type="http://www.w3.org/2000/09/xmldsig#Object"
>>
>> or
>>
>> Type="http://www.w3.org/2000/09/xmldsig#Manifest"
>>
>> . Does there exist a proposed processing model how verification is done
>> on  that? From what I see,  there exist two different ways:
>>
>> 1: I ignore this type information and do only core validation:
>> SignatureValue and the SignedInfo
>>
>> 2: I try to follow and verify all nested Manifests (if
>> Type="&ds;Manifest").
>>
>> But what processing should happen if the Type is #Reference or #Object?
>>
>> Christian

Received on Thursday, 18 October 2001 03:39:18 UTC