Re: URI Or Not? from Christian Geuer-Pollmann on 2002-05-17 (w3c-ietf-xmldsig@w3.org from April to June 2002)

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Fri, 17 May 2002 19:28:21 +0200
To: John Messing <jmessing@law-on-line.com>, w3c-ietf-xmldsig@w3.org
Message-ID: <42825840.1021663701@crypto>

Hi John,

--On Freitag, 17. Mai 2002 07:16 -0700 John Messing 
<jmessing@law-on-line.com> wrote:

> I find this thread to be very useful but it raises questions to me about
> the ultimate usefulness of xml dsig for signing objects.
>
> Because the spec is based upon signing references that are described in
> xml, even if no other xml is being signed and no other transforms may be
> necessary, the method requires cannonicalization, as Manoj's example
> demonstrates, which according to the interoperability results, degrades
> performance. (Even at the best reported result from John Boyer of .5
> second to sign, this seems acceptable only for atomic transactions and
> probably will not be acceptable for high traffic server transactions).

I guess there is a little misunderstanding: There are two scenarios which 
are mixed here:

1: Your scenario (if I understood right) is to sign an arbitrary binary 
file.

2: John's scenario with the 500 milli-seconds computation time refer to 
signing a large XML instance with complicated transforms.

The time it takes to create (or verify) an XML signature is composed of 
these:

a) the time to fetch the resource which is identified by the reference.

   1: In your case, this is easy: A binary file on the hard
      disk. Read access. Same time for ALL signature
      applications, regardless whether you use XML Signature,
      PGP or S/MIME
   2: If John identifies a node set via same-document URI, this takes
      longer: eventually, the XML must be parsed, and the nodes must be
      selected.

b) the time to mangle the de-referenced contents through eventually
   existing transforms:

   1: No transform in your example, so time=zero. This is the case
      also for PGP or S/MIME because they do not support the transforms
      mechanism
   2: Complicated transform in John's case. Time REQUIRED <= 500ms

c) the time to canonicalize the signed info:

   1: THIS is where PGP or S/MIME is maybe a little bit faster, because
      the digest of the signed resource is used as input for the public
      key algo.
   2: Time depends on how many references the SignedInfo contains, but
      my guess is about 1 milli-second or so.

d) the time for the signature or MAC algo

   1/2: same time as for PGP/S/MIME, because they also use RSA/DSA/ECDSA.

So you see, creating an S/MIME or PGP signature on a binary file takes the 
same time as creating an XML Signature (one reference, no transforms, same 
public-key-algo as the S/MIME-PGP-thing).


Regards,
Christian

Received on Friday, 17 May 2002 13:23:23 UTC