[R608] and digital signatures

In today's conf call, Oisin proposed appending the following text to R608:

"The Working Group will endeavour to address the issue of electronically
signing XP envelope entities with reference to the XML Signature
specification."

I believe Oisin made this proposal as a result of an email I sent him
(privately, because I thought the issue of digital signatures must have been
thrashed out at the first f2f). I've included my original message and
Oisin's response below.

Since Alex Ceponkus just sent another email [1] inquiring about digital
signatures, it seems we need to discuss this issue more fully. Personally, I
think Oisin's proposed wording may be too restrictive since it could be
construed as tying us exclusively to XML Signature. As I said in my email to
Oisin, I would be happy with the following wording somewhere in the
requirements doc (appended to R608?):

"The XP specification should not preclude the use of popular digital signing
mechanisms."

Can we get more input from the security experts? BTW, Alex, great "useful
links."

Frank DeRose
TIBCO Software Inc.
3165 Porter Dr
Palo Alto, CA 94303
650-846-5570 (vox)
650-846-1267 (fax)
frankd@tibco.com
www.tibco.com

[1] http://lists.w3.org/Archives/Public/xml-dist-app/2000Dec/0065.html
[2] http://lists.w3.org/Archives/Public/xml-dist-app/2000Nov/0271.html
[3] http://lists.w3.org/Archives/Public/xml-dist-app/2000Nov/0207.html
[4] http://lists.w3.org/Archives/Public/xml-dist-app/2000Oct/0118.html
[5] http://lists.w3.org/Archives/Public/xml-dist-app/2000Oct/0090.html

-----Original Message-----
From: Frank DeRose [mailto:frankd@tibco.com]
Sent: Thursday, November 30, 2000 9:29 PM
To: Oisin Hurley
Subject: RE: [608] Discussion


Oisin,

Regarding DR608, my poor understanding of security tells me there are two
aspects to it:

1.) Security like HTTPS implemented through SSL. Clearly, the XP
specification should not preclude the use of XP messaging over HTTPS.

2.) Security as implemented through the signing of documents and
verification of signatures. This kind of security is mentioned in several
emails ([2], [3], [4], [5]).

DR608 seems to address only the first kind of security, while DR046 (which
has been ruled out of scope) mixes up both kinds of security. It seems we
need two DR's that separate the two kinds of security. For example:

DRx The XP specification should not preclude the use of XP messaging over
popular security mechanisms such as SSL and S/MIME.

DRy The XP specification should not preclude the use of popular digital
signing mechanisms.

Also, according to R503, "The Working Group will coordinate with W3C XML
Activities through the XML Coordination Group and shall use available XML
technologies whenever possible." Would this suggest that the XP WG ought to
be making use of technology developed by the XML-Signature WG? If that's the
case, we could modify DRy as follows:

DRy For digital signatures, the XP specification will incorporate the
technology currently being developed by the XML-Signature WG.

Also, where does the XP WG stand with respect to the new XKMS proposal
coming out of MSFT, WEBM, RSAS, and VRSN, which seems to take XML-Signature
as a given? Like I said, I am not a security whiz (by any means!!), but I
guess I find it hard to believe that we would create an XML Protocol that
doesn't address digital signatures in one way or another.

My guess is that the issue of digital signatures was probably thrashed
around a good bit offline somewhere, perhaps in the first f2f, at which I
wasn't present. I'm a latecomer to the WG, so I didn't want to burden the
main discussion stream if these issues have already been covered. But, I did
want to get an answer to my questions. I know that the value of an XML
Protocol to TIBCO is going to be reduced substantially if digital signatures
aren't addressed.

Frank DeRose
TIBCO Software Inc.
3165 Porter Dr
Palo Alto, CA 94303
650-846-5570 (vox)
650-846-1267 (fax)
frankd@tibco.com
www.tibco.com

-----Original Message-----
From: Oisin Hurley [mailto:ohurley@iona.com]
Sent: Tuesday, December 05, 2000 1:39 AM
To: Frank DeRose
Cc: Oisín Hurley
Subject: RE: [608] Discussion


Hi Frank,
Please excuse the lateness of my reply as I am currently on the road
in Europe and am short of time to do real work!

> 1.) Security like HTTPS implemented through SSL. Clearly, the XP
> specification should not preclude the use of XP messaging over HTTPS.
>
> 2.) Security as implemented through the signing of documents and
> verification of signatures. This kind of security is mentioned in emails
> 0271, 0207, 0118, 0090.

Yes - this is a reasonable assessment. You could say that one is about
transport security and the other about security management mechanisms.

> DR608 seems to address only the first kind of security, while DR046 (which
> has been ruled out of scope) mixes up both kinds of security. It seems we
> need two DR's that separate the two kinds of security. For example:
>
> DRx The XP specification should not preclude the use of XP messaging over
> popular security mechanisms such as SSL and S/MIME.
>
> DRy The XP specification should not preclude the use of popular digital
> signing mechanisms.

The latter point, leveraging existing security mechanisms is addressed
(albeit in a general manner) in the general requirement for extensibility
in DR700, I think, so we can concern ourselves only with point 1) above.

> Also, where does the XP WG stand with respect to the new XKMS proposal
> coming out of MSFT, WEBM, RSAS, and VRSN, which seems to take
> XML-Signature
> as a given? Like I said, I am not a security whiz (by any means!!), but I
> guess I find it hard to believe that we would create an XML Protocol that
> doesn't address digital signatures in one way or another.

It should be mentioned that the whole point of getting this XML protocol
going was not to bring all this stuff together in the XP specification,
but instead to present an extensible envelope into which different
things may be put. So there shouldn't (IMO) be an intrinsic security
model within XML protocol, but there should be a means to include
information about digital signatures, PKI features, PACs etc.

> My guess is that the issue of digital signatures was probably thrashed
> around a good bit offline somewhere, perhaps in the first f2f, at which I
> wasn't present. I'm a latecomer to the WG, so I didn't want to burden the
> main discussion stream if these issues have already been covered.
> But, I did
> want to get an answer to my questions. I know that the value of an XML
> Protocol to TIBCO is going to be reduced substantially if digital
> signatures
> aren't addressed.

Well, to my memory it wasn't :) The initial f2f was a bit hectic what
with 45 people in the same room all making up requirements and shouting
them at the chair. I agree that there is a requirement for ensuring that
XML protocol envelopes can be mapped to protocols that have security
features and I think I am on your side when I say that it would be
a good thing to address the signing of XML Protocol envelopes. I'll
put a proposal out to the list today.

 many thanks for your comment
   --oh

--
ohurley at iona dot com
+353 1 637 2639

Received on Wednesday, 6 December 2000 18:20:39 UTC
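The following is an added example, not part of this thread or of any XP Working Group deliverable. It sketches the distinction both messages draw (transport security protects one hop, a signature carried in the envelope can be checked by the final recipient) and the design Oisin describes, a signature placed in an extensible header block rather than an intrinsic security model. The Envelope/Header/Body element names, the namespaces, the shared key and the transfer payload are constructed assumptions; HMAC-SHA256 with a shared key stands in for the asymmetric signature that an XML Signature implementation would produce, and Python's C14N 2.0 canonicalizer stands in for Canonical XML.

```python
"""Signature carried as an envelope header block (added example, not WG text).

Element names, namespaces, key and payload below are hypothetical. HMAC with a
shared key stands in for the asymmetric signature XML Signature would provide.
"""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

ENV_NS = "urn:example:xp-envelope"   # hypothetical envelope namespace
SIG_NS = "urn:example:xp-signature"  # hypothetical header-block namespace
SHARED_KEY = b"constructed demo key, not for real use"  # constructed


def _q(ns: str, local: str) -> str:
    return f"{{{ns}}}{local}"


def _canonical(elem: ET.Element) -> bytes:
    # Canonical form, so prefix renaming or attribute reordering by an
    # intermediary does not break verification (XML Signature relies on
    # Canonical XML for the same reason).
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"),
                           rewrite_prefixes=True).encode()


def build_envelope(body_xml: str) -> ET.Element:
    env = ET.Element(_q(ENV_NS, "Envelope"))
    ET.SubElement(env, _q(ENV_NS, "Header"))
    ET.SubElement(env, _q(ENV_NS, "Body")).append(ET.fromstring(body_xml))
    return env


def sign_envelope(env: ET.Element, key: bytes) -> None:
    # Digest the canonical Body, authenticate the digest, and carry both in a
    # header block; the Header itself is outside the signed region.
    body = env.find(_q(ENV_NS, "Body"))
    digest = hashlib.sha256(_canonical(body)).digest()
    tag = hmac.new(key, digest, hashlib.sha256).digest()
    sig = ET.SubElement(env.find(_q(ENV_NS, "Header")), _q(SIG_NS, "Signature"))
    ET.SubElement(sig, _q(SIG_NS, "DigestValue")).text = base64.b64encode(digest).decode()
    ET.SubElement(sig, _q(SIG_NS, "SignatureValue")).text = base64.b64encode(tag).decode()


def verify_envelope(wire: bytes, key: bytes) -> bool:
    # Verification works on the bytes that crossed the transport, whatever
    # that transport was; nothing here depends on SSL/HTTPS.
    env = ET.fromstring(wire)
    sig = env.find(f"{_q(ENV_NS, 'Header')}/{_q(SIG_NS, 'Signature')}")
    body = env.find(_q(ENV_NS, "Body"))
    if sig is None or body is None:
        return False
    try:
        claimed_digest = base64.b64decode(sig.findtext(_q(SIG_NS, "DigestValue"), ""))
        claimed_tag = base64.b64decode(sig.findtext(_q(SIG_NS, "SignatureValue"), ""))
    except ValueError:
        return False
    digest = hashlib.sha256(_canonical(body)).digest()
    expected_tag = hmac.new(key, digest, hashlib.sha256).digest()
    return (hmac.compare_digest(digest, claimed_digest)
            and hmac.compare_digest(expected_tag, claimed_tag))


def tamper(wire: bytes) -> bytes:
    # An intermediary rewriting the Body after the SSL hop has ended; only the
    # end-to-end signature catches this.
    env = ET.fromstring(wire)
    env.find(f"{_q(ENV_NS, 'Body')}/transfer/amount").text = "1000000"
    return ET.tostring(env)


def demo():
    env = build_envelope("<transfer><to>acct-42</to><amount>100</amount></transfer>")
    sign_envelope(env, SHARED_KEY)
    wire = ET.tostring(env)  # what actually crosses the transport
    return verify_envelope(wire, SHARED_KEY), verify_envelope(tamper(wire), SHARED_KEY)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Replacing the HMAC with an asymmetric signature (and adding a KeyInfo-style block naming the signer) is what turns this into the XML Signature shape the thread refers to; the placement in a header block and the canonicalization step carry over unchanged.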