Re: minimal canonicalization from Ed Simon on 2002-07-24 (w3c-ietf-xmldsig@w3.org from July to September 2002)

From: Ed Simon <edsimon@xmlsec.com>
Date: Wed, 24 Jul 2002 15:27:26 -0400
To: "Rich Salz" <rsalz@datapower.com>, "Carl Ellison" <cme@jf.intel.com>
Cc: "XML Signature $W3C/IETF$" <w3c-ietf-xmldsig@w3.org>
Message-ID: <000901c23348$25b33a80$f2a0fea9@DJQC7111>

Oooh! My favourite topic...

First, RFC 3075 was obsoleted by RFC 3275 which thankfully says a lot less
about minimal canonicalization.

The problem I have with Rich's suggested text is that it drops the
precautions about interoperability and security.  There are major security
problems with minimal canonicalization and that is why its use for the
<SignedInfo> element is NOT RECOMMENDED.  See
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JanMar/0226.html
for a hint at what I'm getting at.  Looking over that old email, I would
hasten to add that those naughty hackers would love throwing some worst case
scenarios at an XML Signature implmentation that uses minimal
canonicalization.

So what about constrained devices?  This is an interesting area but I think
it is quite possible to have both XML-aware canonicalization without
requiring the constrained devices to themselves be XML processors iff one
uses tightly constrained XML Signature templates tailored to the constrained
environment one is dealing with.  I think  I wrote an email detailing this
approach; if I find it, I'll post it.

Regards, Ed
----------------------------------------------------------------------------
-------------------------------------------
Ed Simon
<edsimon@xmlsec.com>
(613) 726-9645
XMLsec Inc.

Interested in XML Security Training and Consulting services?  Visit
"www.xmlsec.com".
----- Original Message -----
From: "Rich Salz" <rsalz@datapower.com>
To: "Carl Ellison" <cme@jf.intel.com>
Cc: "XML Signature (W3C/IETF)" <w3c-ietf-xmldsig@w3.org>
Sent: Wednesday, July 24, 2002 1:30 PM
Subject: Re: minimal canonicalization


>
> It is sad that there are five C14N algorithms (minimal, c14n c14n
> w/comments, excl, excl w/comments).  Judging by experience with multiple
> hashing algorithms, this will lead to interoperability hassles.
>
> My suggestion is actually to deprecate c14n in favor of excl.
>
> You're totally right about the wording error; it should say that "We
> RECOMMEND that applications that need to communicate with resource
> constrained applications use minimal c14n."
> /r$
>
>

Received on Wednesday, 24 July 2002 15:27:51 UTC