Re: XML Encryption Data/Processing Model

One thing that we noticed as problematic when looking at
signature/encryption
is the treatment of xml:lang and xml:space in
C14N, if we use C14N for serialization.  C14N requires you to "push" the
nearest
xml:lang and xml:space declarations in the outer context into the C14Ned
form.

For example, canonicalizing the <bar/> element in

<foo xml:lang='JA">
   <bar />
</foo>

will yield

<bar xml:lang="JA"/>.

Now, consider a sign-and-then-encrypt scenario for the following document.

<el2sign xml:lang="JA">
   <el2enc>secret</el2enc>
</el2sign>

where <el2sign> is signed and then <el2enc> is encrypted.  If we use C14N
before encrypting <el2enc>, it will be converted to

<el2enc xml:lang="JA">secret</el2enc>

and consequently, after decryption the signature verifier will see

<el2sign xml:lang="JA">
   <el2enc xml:lang="JA">secret</el2enc>
</el2sign>

Unfortunately, C14Ning this will not remove the duplicate xml:lang
declaration
in <el2enc>.  Therefore, the signature does not verify.

***

We rather think this is due to lack of consistency in C14N.  If C14N
treats "xml:lang in effect" rather than "xml:lang declarations" as
significant, it should remove redundant xml:lang declarations.  If C14N
thinks "xml:lang declarations" significant, it should not copy
outer declaration into C14Ned element.

Incidentally, C14N is consistent in treatment of namespace declarations -
it always treats "in-scope namespaces" only and redundant
namespace declarations are removed.

Because C14N is already fixed, I do not think we can use C14N
as serialization of encrypted data.  We are trying to define a
serialization
that would preserve the declarations as they appear in the original
document.

Hiroshi




--
Hiroshi Maruyama
Manager, Internet Technology, Tokyo Research Laboratory
+81-46-215-4576
maruyama@jp.ibm.com



From: "Joseph M. Reagle Jr." <reagle@w3.org>@w3.org on 2001/03/30 04:15

Please respond to "Joseph M. Reagle Jr." <reagle@w3.org>

Sent by:  xml-encryption-request@w3.org


To:   Takeshi Imamura/Japan/IBM@IBMJP
cc:   "XML Encryption WG " <xml-encryption@w3.org>, Hiroshi
      Maruyama/Japan/IBM@IBMJP
Subject:  Re: XML Encryption Data/Processing Model



At 19:33 3/29/2001 +0900, Takeshi Imamura wrote:
>The serialization is not so sensitive if only encryption is performed.
>However, that may not be true if both encryption and signature are
>performed on a document.  For example, suppose that a user signs and then
>encrypts a document, where he defines and uses his own serialization which
>does not preserve information set.  Another user will fail in verifying
the
>signature because the original document cannot be retrieved.  For such
>reason, I think we should define at least a serialization for information
>set.

Very good point, I added that to the text in that section. However, I don't
think the Infoset or DOM data models lack anything required by Canonical
XML. (The part of XPath data model used by Canonical XML is a subset of
both
DOM and Infoset, right?) Even if this is the case (doesn't necessitate the
use of Infoset or DOM), do you have a preference between the two?

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 30 March 2001 04:22:20 UTC