- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Mon, 20 Jun 2005 21:43:12 +0200
- To: <w3c-ietf-xmldsig@w3.org>
Dear list,

From a security standard in progress: The current specification defines that all data must be sent in XC14N form, and that no further transformations may be applied. This is however only possible for non-nested data. Problems arise when one XML structure is embedded into another XML structure, and both need to be signed independently. Each individual XML structure must be canonicalized before signing. This requires e.g. declaring all necessary namespaces in the correct place in each XML structure. The problem with XC14N is that as soon as one XML structure is embedded into another, and they both use the same XML namespaces, the namespace declarations get removed from the embedded fragment because they have already been declared in the outer document.

The original intent behind the specification of the canonicalization methods is that relying parties must not be required to perform XC14N on incoming data. The reason is that the relying parties run under resource limitations which prohibit memory- or processor-intensive operations. While the specification in its current form states that all data must be sent in XC14N form, which would not make it necessary to perform XC14N on incoming data, the effect of the described issue is that XC14N is still required to verify embedded document fragments. This is also true if/when the embedded fragment is saved for later use or forwarded to some other relying party.
XML excerpts:

<!-- Response message, shall be XC14N-ized -->
<complexType name="SignedResponse">
  <complexContent>
    <extension base="some-ns:Response">
      <sequence minOccurs="0">
        <element name="deviceID" type="some-ns:Identifier"/>
        <element name="nonce" type="some-ns:Nonce" minOccurs="0"/>
        <element name="signedElement" type="some-ns:SignedElement" maxOccurs="unbounded"/>
        <element name="signature" type="base64Binary"/>
      </sequence>
    </extension>
  </complexContent>
</complexType>

<complexType name="SignedElement">
  <sequence>
    <element name="dataToBeSigned" type="some-ns:Payload"/>
    <element name="signature" type="ds:SignatureType"/>
  </sequence>
</complexType>

Question: Is there a clean way of doing nested XML Signatures and then being able to extract an inner signature that will validate on its own?

thanx
Anders Rundgren
Developer, mobile security solutions
Received on Monday, 20 June 2005 19:38:40 UTC
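As an added illustration of the namespace behaviour the message describes (this is not code from the original post or from the standard it refers to), the following Python script runs a deliberately minimal exclusive-C14N-style serializer over a constructed payload fragment, once on its own and once embedded in a SignedResponse-like outer message that reuses the same namespace. The namespace URI `urn:example:payload`, the `p` prefix, the element contents and the `digest` stand-in for the signed value are all assumptions for the demo; it shows why the relying party ends up having to re-canonicalize the embedded fragment before the inner signature verifies.

```python
import hashlib
import xml.etree.ElementTree as ET
# Constructed namespace and prefix for the demo (not from the original message).
PAYLOAD_NS = "urn:example:payload"
PREFIX = {PAYLOAD_NS: "p"}

def xc14n(elem, rendered=frozenset()):
    """Deliberately minimal exclusive-C14N-style serializer (no escaping, no
    namespaced attributes, no comments). It keeps the one rule that matters
    here: a namespace declaration is emitted only if the element visibly uses
    the prefix AND no ancestor in the OUTPUT has already rendered it."""
    ns, local = elem.tag[1:].split("}")
    prefix = PREFIX[ns]
    out = f"<{prefix}:{local}"
    if prefix not in rendered:
        out += f' xmlns:{prefix}="{ns}"'
        rendered = rendered | {prefix}
    for name, value in sorted(elem.attrib.items()):  # C14N sorts attributes
        out += f' {name}="{value}"'
    out += ">" + (elem.text or "")
    for child in elem:
        out += xc14n(child, rendered) + (child.tail or "")
    return out + f"</{prefix}:{local}>"

# Constructed sample: a fragment signed alone, then embedded in an outer message.
INNER = ('<p:dataToBeSigned xmlns:p="urn:example:payload">'
         '<p:item id="1">hello</p:item></p:dataToBeSigned>')
OUTER = ('<p:SignedResponse xmlns:p="urn:example:payload">'
         '<p:deviceID>dev-42</p:deviceID><p:signedElement>' + INNER +
         '</p:signedElement></p:SignedResponse>')

def digest(canonical):
    """Stand-in for the signed value: a hash over the canonical octets."""
    return hashlib.sha256(canonical.encode()).hexdigest()

def inner_standalone():
    # What the inner signer actually signed: XC14N of the fragment on its own.
    return xc14n(ET.fromstring(INNER))

def inner_verbatim_from_outer():
    # Fragment cut out of the canonical outer message WITHOUT re-canonicalizing.
    doc = xc14n(ET.fromstring(OUTER))
    end = doc.index("</p:dataToBeSigned>") + len("</p:dataToBeSigned>")
    return doc[doc.index("<p:dataToBeSigned"):end]

def inner_recanonicalized():
    # Re-running XC14N on the embedded element restores the xmlns declaration.
    root = ET.fromstring(OUTER)
    path = f"{{{PAYLOAD_NS}}}signedElement/{{{PAYLOAD_NS}}}dataToBeSigned"
    return xc14n(root.find(path))
```

The verbatim cut-out lacks the `xmlns:p` declaration, so its digest differs from what was signed, while the re-canonicalized element reproduces the signed octets exactly; the second path is the processing cost the message objects to.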