- From: <edsimon@xmlsec.com>
- Date: Thu, 2 Aug 2001 15:04:53 -0400
- To: Joseph M. Reagle Jr. <reagle@w3.org>, Plambeck, Thane <tplambeck@verisign.com>, Don Davis <ddavis@curl.com>
- Cc: 'xml-encryption@w3.org' <xml-encryption@w3.org>
As I said at the July meeting, I think "Surreptitious Forwarding" is almost superfluous with respect to the XML Encryption spec. Though I'm wary of extending the "Security considerations" section of XML Signature too far, here's the text I would propose if we were going to mention the topic there...

<ProposedText>
Signatures only secure what they sign. Information not signed by a signature is not secured by that signature [Security 101]. Applications with user interfaces that expose the results of a signature verification to the user should notify users of exactly what is signed if there is a reasonable chance that users' misapprehension of the scope of a signature will affect security. If other security operations, such as encryption, were also part of the user experience, it may be necessary for an application to indicate that these non-signature security operations do not alter the scope of a signature. [Davis]
</ProposedText>

It seems to me that the topic of "Surreptitious forwarding" largely stems from the fact that in the world before XML, it was not *practical* to *selectively* secure data. Consequently, email systems were built around the idea that if you wanted to encrypt AND sign, you had to encrypt AND sign the same data. Hence, things that perhaps should have been signed (like an email's recipient list) were left unsigned.

Thankfully, we now live in a world with XML, a world where it is practical to have more flexibility in what gets encrypted and what gets signed, where email applications now have the opportunity to enhance their security by using XML-based security protocols. The topic of "Surreptitious Forwarding" provides a good example, I think, of what distinguishes XML Signature and XML Encryption from pre-XML security protocols, and this is definitely worth writing about. However, I would prefer to keep such non-normative text out of XML Signature and XML Encryption.
Ed

-- Original Message --
> Thank you for putting proposals out there, makes things a bit more concrete.
>
> I would like to keep it short, and I also don't want to imply "correction"
> or "detection" as that is counter to the warnings we're trying to make. So,
> how about the following for Encryption:
>
>> When an encrypted envelope contains a signature, the signature does not
>> necessarily protect the authenticity or integrity of the ciphertext [Davis].
>>
>> Furthermore, while the signature secures plaintext it only covers that
>> which is signed, recipients of encrypted messages must not infer integrity
>> or authenticity of other unsigned information (e.g., headers) within the
>> encrypted envelope, see [XMLDSIG, 8.1.1 Only What is Signed is Secure].
>
> --
> Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
> W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

-----------------------------------------------------------------------------------------------
Ed Simon
XMLsec Inc.
Interested in XML Security Training and Consulting services? Visit "www.xmlsec.com".
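The following is an added example, not code from the thread, the W3C specs or any of the participants. It models the "surreptitious forwarding" scenario the message and the quoted text describe: Alice signs a body, then encrypts it to Bob; Bob decrypts and re-encrypts the still-signed payload to Charlie, and Alice's signature verifies for Charlie unchanged, because the signature never covered the ciphertext or the recipient. Running the same flow with the recipient included in the signed data lets Charlie detect the forwarding. All primitives here are stand-ins (HMAC under a per-signer key in place of a public-key signature, an XOR keystream in place of XML Encryption) and all keys and names are constructed for the example; the point being shown is the scope of the signature, not the algorithms.

```python
"""Toy model of sign-then-encrypt and surreptitious forwarding.

Added example with constructed keys and stand-in primitives:
- sign/verify: HMAC-SHA256 under a per-signer key (stand-in for a
  public-key signature that anyone could verify)
- encrypt/decrypt: XOR with a SHA-256 keystream derived from the
  recipient's key (stand-in for XML Encryption)
Nothing here is real XML Signature / XML Encryption processing.
"""
import hashlib
import hmac
import json

# Constructed keys for the toy scenario (assumption, not real key material).
SIGNING_KEYS = {"alice": b"alice-signing-key"}
ENC_KEYS = {"bob": b"bob-enc-key", "charlie": b"charlie-enc-key"}


def sign(signer, data):
    return hmac.new(SIGNING_KEYS[signer], data, hashlib.sha256).hexdigest()


def verify(signer, data, sig):
    return hmac.compare_digest(sign(signer, data), sig)


def _keystream(key, n):
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(recipient, plaintext):
    ks = _keystream(ENC_KEYS[recipient], len(plaintext))
    # The outer "to" is unsigned envelope metadata, like a mail header.
    return {"to": recipient, "ciphertext": bytes(a ^ b for a, b in zip(plaintext, ks))}


def decrypt(recipient, envelope):
    ct = envelope["ciphertext"]
    ks = _keystream(ENC_KEYS[recipient], len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def make_message(sender, recipient, body, sign_recipient):
    """Sign-then-encrypt. With sign_recipient=False only sender and body
    are signed (the pre-XML habit); with True the signed data also names
    the intended recipient, so it is covered by the signature."""
    signed = {"from": sender, "body": body}
    if sign_recipient:
        signed["to"] = recipient
    signed_bytes = json.dumps(signed, sort_keys=True).encode()
    inner = {"signed": signed, "sig": sign(sender, signed_bytes)}
    return encrypt(recipient, json.dumps(inner).encode())


def open_message(recipient, envelope):
    """Decrypt and verify, then report what the signature actually tells
    this recipient: (signature_valid, recipient_status) where the status is
    "ok", "mismatch", or "unverifiable" when the recipient was never signed."""
    inner = json.loads(decrypt(recipient, envelope))
    signed_bytes = json.dumps(inner["signed"], sort_keys=True).encode()
    sig_ok = verify(inner["signed"]["from"], signed_bytes, inner["sig"])
    signed_to = inner["signed"].get("to")
    if signed_to is None:
        status = "unverifiable"  # only what is signed is secure
    else:
        status = "ok" if signed_to == recipient else "mismatch"
    return sig_ok, status


def forward(from_recipient, envelope, to_recipient):
    """Surreptitious forwarding: strip the encryption layer and re-encrypt
    the untouched signed payload to someone else. The signature survives
    because it never covered the ciphertext or the envelope."""
    return encrypt(to_recipient, decrypt(from_recipient, envelope))


def surreptitious_forwarding_demo(sign_recipient):
    """Alice -> Bob, then Bob forwards to Charlie; returns Charlie's view."""
    env = make_message("alice", "bob", "Bob, I accept your offer.", sign_recipient)
    return open_message("charlie", forward("bob", env, "charlie"))


def direct_delivery_demo(sign_recipient):
    """Alice -> Bob, opened by Bob; the honest case for comparison."""
    env = make_message("alice", "bob", "Bob, I accept your offer.", sign_recipient)
    return open_message("bob", env)


if __name__ == "__main__":
    print("recipient unsigned, forwarded:", surreptitious_forwarding_demo(False))
    print("recipient signed, forwarded:  ", surreptitious_forwarding_demo(True))
    print("recipient signed, direct:     ", direct_delivery_demo(True))
```

In the unsigned-recipient run Charlie sees a valid signature from Alice and has no signed information about whom the message was for; a user interface that reports only "signed by Alice" would mislead him in exactly the way the proposed security-considerations text warns about. Signing the recipient turns the same forwarding into a detectable mismatch, while the ciphertext itself remains outside the signature's scope in both runs.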
Received on Thursday, 2 August 2001 15:05:51 UTC