- From: Marc Hadley <marc.hadley@sun.com>
- Date: Tue, 1 Oct 2002 11:34:02 -0400
- To: noah_mendelsohn@us.ibm.com
- Cc: Rich Salz <rsalz@datapower.com>, mgudgin@microsoft.com, xml-dist-app@w3.org
On Tuesday, Oct 1, 2002, at 10:51 US/Eastern, noah_mendelsohn@us.ibm.com wrote:

> Furthermore, even whitespace can represent a covert channel, admittedly
> only when someone is quite malicious. As you say, I think that
> signing a whole message is indeed potentially interesting. I disagree that a
> canonical form is needed beyond the infoset. We merely need a checksum
> that is the same whenever the infoset is the same, and with very high
> probability is different when the infoset is different. Very useful, and
> seemingly straightforward, IMO.

In the above do you mean the XML Infoset or a more liberal 'SOAP Infoset' where e.g. env:mustUnderstand="false" on a header block is the same as omitting an env:mustUnderstand attribute? Our spec says that:

<myns:myHeaderBlock xmlns:myns="..." env:mustUnderstand="false">...</myns:myHeaderBlock>

should be treated identically to

<myns:myHeaderBlock xmlns:myns="...">...</myns:myHeaderBlock>

and that an intermediary can remove env:mustUnderstand="false" AIIs from header blocks in messages it forwards. Should signatures that include such header blocks break when an intermediary removes env:mustUnderstand="false"? If not then some form of SOAP canonicalization is required; if so then I think we have a problem.

Digests/checksums work on bits and bytes, not abstract infosets. Canonicalization is the concrete instantiation of what I think you are talking about in the abstract sense: generating a serialized form of the infoset suitable for consumption by a digest algorithm that 'is the same whenever the infoset is the same, and with very high probability is different when the infoset is different'.

Marc.
> Rich Salz <rsalz@datapower.com>
> 10/01/02 09:32 AM
>
> To: Martin Gudgin <mgudgin@microsoft.com>
> cc: "noah_mendelsohn@us.ibm.com" <noah_mendelsohn@us.ibm.com>,
> "xml-dist-app@w3.org" <xml-dist-app@w3.org>
> Subject: RE: Proposal for various Infosetisms
>
> It would be nice to be able to sign an entire SOAP message -- for
> example, a logging subsystem -- but it's not currently possible.
> You need some form of SOAP canonicalization. In addition to the
> question of being able to remove the SOAP header element, there
> is the issue of whitespace between top-level header elements,
> re-ordering of headers, etc.
>
> I suggest that the spec include a caveat that it is currently only
> "safe" to sign individual header and body child elements (but not that
> XMLDSIG can sign multiple things at once).
>
> Alternatively, resurrect my soap c14n proposal from nearly a year ago;
> but it's probably too late in the game to add that now.
> /r$

--
Marc Hadley <marc.hadley@sun.com>
XML Technology Center, Sun Microsystems.
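The exchange above can be made concrete with a small added example; it is not code from the thread, from Sun, or from any W3C specification. It shows why a digest over the raw bytes of a SOAP message breaks once an intermediary drops env:mustUnderstand="false" or re-indents the header, and how a SOAP-aware canonicalization step (drop the equivalent-to-absent attribute, discard structural whitespace, then serialize deterministically) gives a digest that survives those edits while still changing when the header block's content changes. The two messages, the normalization rules and the SOAP 1.2 namespace URI used here are assumptions of this example; the deterministic serialization is Python's xml.etree C14N 2.0 canonicalize, which is standard XML canonicalization and knows nothing about SOAP on its own.

```python
"""Added example: byte-level digest vs. SOAP-aware canonical digest.

The sample messages and the normalization rules below are constructed for
illustration and are not taken from any SOAP or XMLDSIG specification.
"""
import hashlib
import xml.etree.ElementTree as ET
from xml.etree.ElementTree import canonicalize

# SOAP 1.2 envelope namespace: an assumption of this example, the thread
# itself predates the final URI.
ENV_NS = "http://www.w3.org/2003/05/soap-envelope"
ENVELOPE = "{%s}Envelope" % ENV_NS
HEADER = "{%s}Header" % ENV_NS
MUST_UNDERSTAND = "{%s}mustUnderstand" % ENV_NS

# Constructed message as emitted by the originator.
MSG_SENT = b"""<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Header>
    <myns:myHeaderBlock xmlns:myns="urn:example:myns" env:mustUnderstand="false">hello</myns:myHeaderBlock>
  </env:Header>
  <env:Body><op:Ping xmlns:op="urn:example:op">1</op:Ping></env:Body>
</env:Envelope>"""

# Constructed message as forwarded by an intermediary that removed the
# mustUnderstand="false" attribute and re-indented the header, both of
# which SOAP permits and neither of which changes the message's meaning.
MSG_FORWARDED = b"""<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<env:Header>
<myns:myHeaderBlock xmlns:myns="urn:example:myns">hello</myns:myHeaderBlock>
</env:Header>
<env:Body><op:Ping xmlns:op="urn:example:op">1</op:Ping></env:Body>
</env:Envelope>"""


def raw_digest(message: bytes) -> str:
    """Digest over the bytes on the wire: every byte-level edit changes it."""
    return hashlib.sha256(message).hexdigest()


def soap_canonical(message: bytes) -> bytes:
    """Serialize a SOAP 1.2 envelope in a SOAP-aware canonical form.

    Normalizations (a hypothetical subset of what a real SOAP c14n needs):
      1. env:mustUnderstand="false" (or "0") on a header block is dropped,
         because SOAP treats it as equivalent to an absent attribute.
      2. Whitespace-only text directly inside env:Envelope and env:Header
         is dropped, because the whitespace between header blocks is
         structural and carries no information.
    Header re-ordering, which the thread also raises, is NOT normalized.
    The result then goes through XML C14N 2.0 so attribute order, quoting
    and namespace declarations are serialized deterministically.
    """
    root = ET.fromstring(message)
    if root.tag != ENVELOPE:
        raise ValueError("not a SOAP 1.2 envelope")
    for header in root.iter(HEADER):
        for block in header:
            if block.get(MUST_UNDERSTAND, "").strip() in ("false", "0"):
                del block.attrib[MUST_UNDERSTAND]
    for structural in [root, *root.iter(HEADER)]:
        if structural.text is not None and not structural.text.strip():
            structural.text = None
        for child in structural:
            if child.tail is not None and not child.tail.strip():
                child.tail = None
    return canonicalize(ET.tostring(root, encoding="unicode")).encode("utf-8")


def canonical_digest(message: bytes) -> str:
    """Digest over the canonical form: stable across the permitted edits."""
    return hashlib.sha256(soap_canonical(message)).hexdigest()


def verify(expected_digest: str, message: bytes) -> bool:
    """Check a received message against the digest the sender computed."""
    return canonical_digest(message) == expected_digest


if __name__ == "__main__":
    print("raw      sent/forwarded equal:", raw_digest(MSG_SENT) == raw_digest(MSG_FORWARDED))
    print("canonical sent/forwarded equal:", verify(canonical_digest(MSG_SENT), MSG_FORWARDED))
    tampered = MSG_FORWARDED.replace(b"hello", b"goodbye")
    print("canonical detects content change:", not verify(canonical_digest(MSG_SENT), tampered))
```

The three printed lines come out True, False and True respectively: the raw digests disagree after a meaning-preserving forward, the canonical digests agree, and a change to the header block's content is still caught. What the code does not do is just as important: it makes no attempt to order header blocks, so two envelopes that differ only in header order still digest differently, which is exactly the gap Rich Salz points at and why a byte-level XMLDSIG over the whole envelope is not enough on its own.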
Received on Tuesday, 1 October 2002 11:34:32 UTC