- From: Carl Ellison <cme@jf.intel.com>
- Date: Wed, 24 Jul 2002 17:34:38 -0700
- To: reagle@w3.org
- Cc: "XML Signature (W3C/IETF)" <w3c-ietf-xmldsig@w3.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 03:07 PM 7/24/2002 -0400, Joseph Reagle wrote:
>On Wednesday 24 July 2002 01:13 pm, Carl Ellison wrote:
>> We actually have devices that are resource constrained and need to
>> do minimal canonicalization (as part of UPnP), but the way this
>> recommendation is written, it suggests that the constrained device
>> control its output.
>
>Is the constrained device generating a signature? If so, yes, it's
>generating and controlling its output.
>
>> In fact, if we have two devices, one powerful
>> and doing C14-N and one constrained, it is the powerful one that
>> has to make sure its output is canonicalized.
>
>I don't yet understand the scenario.

We are using XML DSig to sign SOAP commands for UPnP. Each SOAP command is an XML structure. We aren't signing documents but rather messages (or parts of messages, to be more precise).

In that case, you have a sender and a receiver. If the sender is powerful, it is generating the signature and controlling its output, but it has no reason to use anything but C14N. However, the receiver is limited in CPU power (and possibly memory) and needs to canonicalize the incoming message in order to verify the signature. That's the one that can't afford C14N.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPT9HncxqBGb+WvJAEQKa7ACgnYn2ko9GbdZYsnfPQ8jsb+GTb2EAoIq/
5/AfChm5h2u9P18kGj/niHmv
=BV4q
-----END PGP SIGNATURE-----

+--------------------------------------------------------+
|Carl Ellison       Intel Labs       E: cme@jf.intel.com |
|2111 NE 25th Ave                    T: +1-503-264-2900  |
|Hillsboro OR 97124                  F: +1-503-264-6225  |
|PGP Key ID: 0xFE5AF240              C: +1-503-819-6618  |
|  1FDB 2770 08D7 8540 E157 AAB4 CC6A 0466 FE5A F240     |
+--------------------------------------------------------+
Received on Wednesday, 24 July 2002 20:41:22 UTC
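
The receiver-side step described in the message above, as an added example that is not part of the original message or of any UPnP or XML DSig code: the verifier has to canonicalize what arrives before it can compare digests. Assumptions: the SOAP-style command, the `urn:example:service` namespace and all function names are constructed; Python's standard-library `canonicalize` (C14N 2.0, Python 3.8+) stands in for the C14N under discussion, and a bare SHA-256 digest stands in for the signed reference digest.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

# Constructed sample: a SOAP-style command as the sender serialized it.
SENT = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    '<s:Body><u:SetTarget xmlns:u="urn:example:service" id="cmd1" seq="7">'
    '<NewTargetValue>1</NewTargetValue></u:SetTarget></s:Body></s:Envelope>'
)

# Constructed sample: the same command after another XML stack re-serialized
# it. Attribute order, quote style and in-tag whitespace differ; content does not.
RECEIVED = (
    "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'>"
    "<s:Body><u:SetTarget seq='7'   id='cmd1' xmlns:u='urn:example:service' >"
    "<NewTargetValue>1</NewTargetValue></u:SetTarget></s:Body></s:Envelope>"
)

# Constructed sample: the received command with its argument changed.
TAMPERED = RECEIVED.replace("<NewTargetValue>1<", "<NewTargetValue>0<")


def raw_digest(xml_text: str) -> str:
    """Digest of the bytes exactly as they arrived (no canonicalization)."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text: str) -> str:
    """Digest of the canonical form; this is the work the receiver must afford."""
    return hashlib.sha256(canonicalize(xml_text).encode("utf-8")).hexdigest()


def receiver_accepts(xml_text: str, signed_digest: str) -> bool:
    """Receiver check: canonicalize the incoming message, then compare digests."""
    return hmac.compare_digest(canonical_digest(xml_text), signed_digest)


if __name__ == "__main__":
    signed = canonical_digest(SENT)  # value the sender would cover with its signature
    print("raw bytes match:     ", raw_digest(RECEIVED) == raw_digest(SENT))
    print("canonical form match:", receiver_accepts(RECEIVED, signed))
    print("tampered accepted:   ", receiver_accepts(TAMPERED, signed))
```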