W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

RE: Efficacy of current crypto

From: Barb Fox (Exchange) <bfox@Exchange.Microsoft.com>
Date: Fri, 23 Apr 1999 21:31:32 -0700
Message-ID: <4992824A0863D211964B0008C7B1ACB801DDEC38@FIFI>
To: "'John Boyer'" <jboyer@uwi.com>
Cc: Dsig group <w3c-xml-sig-ws@w3.org>
[Bfox] inline comments below
-----Original Message-----
From: John Boyer [mailto:jboyer@uwi.com]
Sent: Friday, April 23, 1999 4:16 PM
To: Barb Fox (Exchange)
Cc: Dsig group
Subject: Efficacy of current crypto

Hi Barb,

>I agree with Don's view on this. Way too much discussion over the last
>couple of days has focused on implementation details.

Actually, I thought we were focusing on how we were going to design the
I mean, at the highest level of abstraction, should we have a model that
allows signing XML with diverse signing technologies that don't actually
express the signature in XML.  Is that really an implementation detail?

[Bfox] If by "diverse signing technologies" you mean algorithms, formats
(wrapped, embedded, detached), etc. then I understand and agree that we need
to specify these. This effort should define those applicable to XML. How
these get implemented using specific crypto packages will vary, and that is
not within the scope of this wg.

Where we disconnect  could be a need to define the "highest level of
abstraction" overlying some crypto API. imho: syntax of the signature is the
first requirement of this wg. Abstraction layers for signing (and the
corollary that often gets lost = verification) are generally not included as
a part of a standard. 

>Crypto API's all
>resolve down to signing hashes and good practice (i.e.not breaking
>underlying padding functions). Every vendor has had to extend theirs over
>the past year to accommodate CMS.

I'd like to ask the meaning of "Every vendor" and "has had to extend".  Does
"has had to extend" mean that "every vendor" now supports CMS in released

[Bfox] We have announced support for CMS as have many other vendors. CMS is
just now going to RFC, so there are no shipping products that support it --
yet. However, vendor commitment to extend PKCS#7 for S/MIME v3 is
broadly-based. This is how the standards process works. It takes lots of
work to get it right and then a lot of effort (and time, of course) to build

My justification for citing CMS as a functional baseline == it's a done
deal. I admit to some inaccuracy in assuming "every" vendor will do it.
That's their choice. The important point I was trying to make tho is that
CMS is the driver for including D-H and DSA along with other CMS goodies in
crypto engines. My recommendation is to acknowledge and in some cases even
assume CMS. 

Does that include Microsoft, and who else besides Microsoft does
"every vendor" include?  I know that Microsoft has enough resources to
implement every standard that comes out, but what's not clear is whether
"every vendor" has followed suit.

[Bfox] Just for the record, we do not implement "every" standard : - ) We
pick those which have strong application inertia and more important, those
things our customers care about. 
>Nothing in signing/verifying XML (that I've seen so far, anyway) makes me
>think it can't be done with the crypto we already have.

Well, obviously I would agree that we can sign XML with current technology
since that's what we do with XFDL.  But I think one of the points here is
that the crypto we already have now would have to get replaced with new
crypto modules that express signatures in XML.  

[Bfox] We may have another technical disconnect here on what we call "crypto
modules." I still contend that signing/verifying an XML signature does not
require any new crypto modules per se. Signing a hash is independent of how
the hash was constructed. I agree that there needs to be new code, but it's
not immediately obvious how that code needs to be "packaged." I'm sure that
each vendor will have their own approach to this problem.

The other point is that it
is at least conceivable that there might be signing needs beyond what is
offered by the crypto we currently have.  This seems to fall into two
categories.  The first is things that don't offer cryptographic strength
security but which offer security that (the vendors would argue) is as good
as paper signature.  Ironically, one such vendor, PenOp, lists Microsoft as
one of its technology 'partners'.  

[Bfox] First, crypto is dynamic and what we have already shipped isn't the
final chapter by any means. Second,I believe that this effort should focus
on cryptographic signatures.  

The second category is technologies that
don't use public key.  The IETF draft seems to include such a method because
folks like Donald don't find the public key crypto we already have to be
appropriate in some important applications.  This, in and of itself, is
evidence that the makers of past standards did not create sufficient signing
flexibility to account for these diverse needs that now seem to be
necessary.  What makes us think that we can now write a standard that covers
off every signing need with "the crypto we already have"?  I guess the
question is not where do we want to go to today, but rather where will we
want to go tomorrow?

[Bfox] I'm confused -- again about the core crypto requirement. Do you mean
biometrics? Or are you talking about MACs? What's not there now if we keep
the scope to cryptographic signatures? 

[Bfox] == Barbara Fox
Security Achitect, Windows 2000, bfox@microsoft.com
One Microsoft Way, Redmond WA 98052-6399, 425-936-9542 

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
>--Barb Fox  
>-----Original Message-----
>From: John Boyer [mailto:jboyer@uwi.com]
>Sent: Friday, April 23, 1999 9:16 AM
>To: dee3@us.ibm.com
>Cc: Dsig group
>Subject: Re: You only want what you want...
>Hi Donald,
>>I'm actually quite sympathetic to your desire to be able to fit
>>Pen Ops security into a secure XML framework.
>>I think its pretty easy.
>Me, too.
>>I might actually be able to devote more some effort at looking into and
>promoting that
>>if I didn't feel a need to keep fighting off your efforts to
>>eviscerate other aspects of the prospective standard and obstructing
>>others from satisfying their requirements.
>My last email to Rich Himes described how to fit everything in the IETF
>proposal into the model I'm describing as a signing engine.  The model I'm
>proposing is a relatively small container idea into which the requirements
>of all of these other people fit.  In what way is that an obstruction?
>>Do you actually believe there is any substantial difficulty in just
>>sticking a Pen Ops blob and Pen Ops algorithm identifier in the
>>obvious fields in Richard Brown's proposal?
>There's nothing wrong with Richard Brown's proposal.  This isn't about
>at all, this is about a model that supports packaged crypto-engines, of
>which the package suggested by the IETF proposal could be one.  If you
>that the IETF proposal in its current state could support this generalized
>idea, could you please show me how?  The Rich Himes email gives an idea of
>what I'm talking about.  How do you do it under the IETF proposal?
>>Why the hell are you trying to push out cryprographic signatures
>>indefinitely when 3/4 of the people (at least of those surveyed
>>at the IETF BoF) think its urgent to get them standarized in
>>calendar 1999?
>>Do you think the IETF/W3C standards process would
>>take a year to standarize the content free skeleton you want?
>>If so, what do you base such a belief on?
>Someone previously on this list mentioned an 18 month window for the things
>you're talking about now.  I would have preferred to say 6 months for the
>framework I'm talking about, but I did not want to be too presumptuous of
>others' time.  Set whatever time frame you like.  The only question is do
>you think it is possible in some way... in any way THAT YOU WANT... to
>accommodate attaching to crypto packages?
>As for signature expressed in XML, I am not "the hell" trying to push out
>crypto signatures indefinitely.  I am trying to decouple signing XML from
>the requirement to be limited to only certain technologies that can be
>envisioned today.  If as you say (and I believe it and would count myself
>this camp), 3/4 of the people are interested in expressing signatures in
>XML, then you will have no shortage of people to work on the XML signature
>module in parallel such that there is no delay other than the delay we've
>had so far in trying to figure out whether we want the model I'm talking
>about-- which incidentally is not a delay since we don't even have a
>group yet!
>>Please fight for what you need and don't fight to thwart others
>>from getting what they need.
>As I said before, I don't see the thwarting part happening here.  Every
>in the IETF proposal can be looked it as part of a signing engine that
>be supported by a framework that attaches to cryptographic packages as they
>are created.   Thus, the rhetorical question becomes, what is really
>thwarted here?  Unless the IETF draft or similar proposals can support a
>model of attaching to crypto packages in general, then the ability to use
>all existing crypto software packages like the current Microsoft CryptoAPI,
>like Netscape, like Entrust, is what is getting thwarted.
>I'm new to this scene so maybe I just don't understand the IETF spec well
>enough to see how to do what I'm talking about.
>John Boyer
>Software Development Manager
>UWI.Com -- The Internet Forms Company
>>Donald E. Eastlake, 3rd
>>17 Skyline Drive, Hawthorne, NY 10532 USA
>>dee3@us.ibm.com   tel: 1-914-784-7913, fax: 1-914-784-3833
>>home: 65 Shindegan Hill Road, RR#1, Carmel, NY 10512 USA
>>dee3@torque.pothole.com   tel: 1-914-276-2668
Received on Saturday, 24 April 1999 00:31:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:44:59 UTC