Re: IETF Signed-XML BOF Notes from Phillip hallam-Baker on 1999-04-05 (w3c-xml-sig-ws@w3.org from April 1999)

From: Phillip hallam-Baker <pbaker@verisign.com>
Date: Mon, 5 Apr 1999 11:34:45 -0700
To: <dee3@us.ibm.com>, "Signed-XML Workshop" <w3c-xml-sig-ws@w3.org>
Cc: <xml-dsig@socratic.org>
Message-ID: <003301be7f93$177d24b0$42060a0a@pbaker-pc2.verisign.com>

>### The main thing with which there was no disent was that
>cannonicalization is necessary, for the reasons cited in the
>minutes.  There was criticism by ekr (Eric Riscola) that for
>digital signing the recursive nature of the DOM HASH proposal
>is not needed (as it would be for efficient tree comparison)
>and is slower than just feeding a similarly defined ordered
>byte stream for the entire structure to be signed into a
>single hash function.


There may be agreement that IN SOME APPLICATIONS
the ABILITY TO canonicalize is a requirement.

There is intransigent objection to any requirement that
EVERY signed document be canonicalized.

I know that various people have said 'of course that
will be an option', however I now see the requirement
that the functionality be available turning into a requirement
the functionality be employed.


The reason is that I just do not believe that semantically
neutral transformations are possible in practice. However
good the spec looked I would distrust the implementations. 

Moreover I don't believe that there is sufficient knowledge
to construct a formal proof of correctness that demonstrates
that an XML cannonicalisation process is semantically
neutral. XML is not defined using a formal method which
is one obstacle, even if it were however XML is not a
syntax but a meta-syntax, the only proofs I have seen in
that domain which were convincing involved category theory.

The requirement that electronic commerce systems
be formally verified is quite realistic. Proofs relating to 
substantially larger systems exist. I find the idea that
digital signatures will be reliably used in any environment
which does not preserve the integrity of messages 
considerably less plausible. That does not mean that I
don't expect people to try.


I want to sign the bits on the wire. If people want to use
broken networks, the spec should provide them with the
tools. I do not however agree that those of us with networks
which do not mangle messages should be _required_ to
perform any transformation which is not fully specified
using formal methods and proven to be semantically neutral
using formal methods.


I would like to see a mechanism for signing the bits on the 
wire as a phase 1 deliverable and defer canonicalisation
until phase 2, I think that the task will prove somewhat more 
complex than some anticipate.


        Phill

Received on Monday, 5 April 1999 14:34:46 UTC