- From: Donald Eastlake 3rd <dee3@torque.pothole.com>
- Date: Sun, 6 Oct 2002 20:36:52 -0400 (EDT)
- To: "Pitt, Esmond" <pitte@anz.com>
- Cc: XML Signature <w3c-ietf-xmldsig@w3.org>
Like lots of things in XMLDSIG, it depends on your application. If signed XML is supposed to stand on its own, you need to have the signature also cover the schema. But if you have some protocol defined with a fixed schema that all senders and receivers known, you don't have to worry about this. Donald PS: See <ftp://ftp.ietf.org/internet-drafts/draft-eastlake-proto-doc-pov-04.txt> On Mon, 7 Oct 2002, Pitt, Esmond wrote: > Date: Mon, 7 Oct 2002 10:18:02 +1000 > From: "Pitt, Esmond" <pitte@anz.com> > To: XML Signature <w3c-ietf-xmldsig@w3.org> > Subject: FW: Schema & non-repudiation query > Resent-Date: Sun, 6 Oct 2002 20:19:22 -0400 (EDT) > Resent-From: w3c-ietf-xmldsig@w3.org > > > There was a discussion in this list around 1999 on this topic. How was it > finally resolved? > > The schema for a document is logically speaking part of the data that is > signed, because it is the source of the default attribute values. However it > is not necessarily physically present in the signed document. This leads to > an integriy problem: if the schema associated with a message is lost or > corrupted, the signature on the document becomes non-verifiable and legal > non-repudiation is lost. > > My question is, what kind of security regimes are people putting around XML > schemas associated with signed XML documents in practice? > > EJP > > > -- ====================================================================== Donald E. Eastlake 3rd dee3@torque.pothole.com 155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w) Milford, MA 01757 USA Donald.Eastlake@motorola.com
Received on Sunday, 6 October 2002 20:36:53 UTC