Esoteric C14N and Security Cautions from Joseph Reagle on 2002-03-13 (w3c-ietf-xmldsig@w3.org from January to March 2002)

From: Joseph Reagle <reagle@mit.edu>
Date: Wed, 13 Mar 2002 18:17:12 -0500
To: "Bob Atkinson" <bobatk@Exchange.Microsoft.com>, "John Boyer" <JBoyer@PureEdge.com>, <reagle@w3.org>
Cc: <uddi-security@yahoogroups.com>, <w3c-ietf-xmldsig@w3.org>
Message-Id: <200203132317.SAA31994@tux.w3.org>

[I've changed the subject and trimmed the cc: since this thread deals with 
proposed text.]

On Tuesday 12 March 2002 20:50, Bob Atkinson wrote:
> I continue
> to think this to be an issue worthy of explicit note in with respect to
> canonicalization algorithms, not with respect to XML DSIG. 

During the Candidate Rec review I was asked that a Security 
Considerations text be added reiterating cautions about the choices made in 
subsetting and serializing a document [1]. (I'm still open to improvements 
on this text.) I've now added some text to the editors' draft [2], that I'm 
not yet satisfied with, to raise the "esoteric" nodeset issue as a specific 
example of the Security Considerations text. Comments from everyone are 
welcome!

[1] http://www.w3.org/TR/2002/CR-xml-exc-c14n-20020212#sec-Considerations

5. Security Considerations

This specification is used to serialize an XPath nodeset under certain 
assumptions given in [XML-C14N] and this specification. For example, 
implementations of [XML-C14N] do not render a document XML declaration; 
when implementations of this specification serialize a subset they do not 
render ancestor attributes from the "xml:" namespace. While we feel such 
choices are consistent with other XML specifications and satisfy our 
application requirements it is important that an XML application carefully 
construct its transforms such that the result is meaningful and unambigous 
in its application context. The Resolutions of [XML-C14N] and the Security 
Considerations of [XML-DSig] should be carefully attended to.

[2] http://www.w3.org/Signature/Drafts/xml-exc-c14n 
 $Revision: 1.52 $ on $Date: 2002/03/13 23:15:19 $ GMT 

5.1 "Esoteric" Nodesets

Consider an application that might use this specification or [XML-C14N] to 
serialize a single attribute node. Neither specification will automatically 
emit a namespace declaration for that single attribute node. Consequently, 
a "carefully constructed" transform should create a nodeset containing the 
attribute and the relevant namespace declaration for serialization.

We provide this example to caution that as one moves beyond well-formed 
[XML] and then well-balanced XML [XML-Fragment], it becomes increasingly 
difficult to create a result that "is meaningful and unambiguous in its 
application context."

Received on Wednesday, 13 March 2002 18:17:16 UTC