W3C home > Mailing lists > Public > xml-encryption@w3.org > August 2001

Re: FW: Fwd: Surreptitious Forwarding

From: <edsimon@xmlsec.com>
Date: Thu, 2 Aug 2001 15:04:53 -0400
Message-ID: <3B5F179F00003157@mail.san.yahoo.com>
To: Joseph M. Reagle Jr. <reagle@w3.org>, Plambeck, Thane <tplambeck@verisign.com>, Don Davis <ddavis@curl.com>
Cc: 'xml-encryption@w3.org' <xml-encryption@w3.org>
As I said at the July meeting, I think "Surreptitious Forwarding" is almost
superfluous with respect to the XML Encryption spec.  Though I'm wary of
extending the "Security considerations" section of XML Signature too far,
here's the text I would propose if we were going to mention the topic there...

Signatures only secure what they sign.  Information not signed by a signature
is not secured by that signature [Security 101].  Applications with user
interfaces that expose the results of a signature verification to the user
should notify users of exactly what is signed if there is a reasonable chance
that users misapprehension of the scope of a signature will affect security.
 If other security operations, such as encryption, were also part of the
user experience, it may be necessary for an application to indicate that
these non-signature security operations do not alter the scope of a signature.[Davis]

It seems to me that the topic of "Surreptitious forwarding" largely stems
from the fact that in the world before XML, it was not *practical* to *selectively*
secure data.  Consequently, email systems were built around the idea that
if you wanted to encrypt AND sign, you had to encrypt AND sign the same
data.  Hence, things that perhaps should have been signed (like an email's
recipient list), were left unsigned.

Thankfully, we now live in a world with XML, a world where it is practical
to have more flexibility in what gets encrypted and what gets signed, where
email applications now have the opportunity to enhance their security by
using XML-based security protocols.  

The topic of "Surreptitious Forwarding" provides a good example I think
of what distinguishes XML Signature and XML Encryption from pre-XML security
protocols and this is definitely worth writing about.  However, I would
prefer to keep such non-normative text out of XML Signature and XML Encryption.


-- Original Message --

>Thank you for putting proposals out there, makes things a bit more concrete.
>I would like to keep it short, and I also don't want to imply "correction"
>or "detection" as that is counter to the warnings we're trying to make.
>how about the following for Encryption:
>>When an encrypted envelope contains a signature, the signature does not
>>necessarily protect the authenticity or integrity of the ciphertext [Davis].
>>Furthermore, while the signature secures plaintext it only covers that

>>which is signed, recipients of encrypted messages must not infer integrity
>>or authenticity of other unsigned information (e.g., headers) within the
>>encrypted envelope, see [XMLDSIG, 8.1.1 Only What is Signed is Secure].
>Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
>W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Ed Simon
XMLsec Inc.

Interested in XML Security Training and Consulting services?  Visit "www.xmlsec.com".
Received on Thursday, 2 August 2001 15:05:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:04 UTC