- From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
- Date: Thu, 17 Aug 2000 08:37:45 -0400
- To: Paul Hoffman / IMC <phoffman@imc.org>
- cc: <xml-names-editor@w3.org>, <www-xml-infoset-comments@w3.org>, "XML DSig" <w3c-ietf-xmldsig@w3.org>
Hi,
From: Paul Hoffman / IMC <phoffman@imc.org>
X-Sender: phoffman@mail.imc.org
Message-Id: <p05000e01b5c0bcb2bfc2@[165.227.249.17]>
In-Reply-To: <200008162045.QAA14245@torque.pothole.com>
References: <200008162045.QAA14245@torque.pothole.com>
Date: Wed, 16 Aug 2000 14:59:24 -0700
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>,
"John Boyer" <jboyer@PureEdge.com>
Cc: <xml-names-editor@w3.org>, <www-xml-infoset-comments@w3.org>,
"XML DSig" <w3c-ietf-xmldsig@w3.org>
>At 4:45 PM -0400 8/16/00, Donald E. Eastlake 3rd wrote:
>> ><dsig:Reference xmlns:dsig="&dsig;" URI="#X" dsig:URI="#Y>
>>>...
>>>
>>>If my implementation picks up URI and your implementation picks up dsig:URI,
>>>then only one of us will correctly validate this beastly signature.
>>
>>While a bad state of affairs we should avoid, I would put 90%+ of the
>>blame for such a non-interoperability on the software which generated
>>the above Reference.
>
>DANGER, DANGER, WILL ROBINSON! This is exactly the attitude that got
>X.509/PKIX into the sorry state it is in today. If you want
>interoperability between signature creators and validators, you MUST
>prevent any ambiguity about how to interpret abominations like the
>above.
I don't think any XML software I'm familiary with would generate the
above from the schema/DTD we have. The URI attribute is a local
attribute of the Reference element and to prefix it with a namespace
is is really an error.
>> >Below you state, "If the text documenting N and/or E doesn't tell you what
>>>to do here, you get to toss a coin or something." Tossing a coin undermines
>>>the interoperability that is supposedly the cornerstone of XML. The 'if'
>>>part of your statement should not be true for any application of XML, and
>>>therefore not for XML DSig in particular.
>>
>>Sure it shouldn't but I bet it is for most.
>
>Then why even continue with this work? IETF work is meant to assure
XML Digital Signatures are sigantures using XML syntax which can sign
anything. We can fix most things for XML Digital Signatures by
constraining / defining its syntax and processing. But we can't fix
the whole XML world. I've never seen any XML appliciation that
defines what to do when you have duplicate local attribute names on an
element distnguished by prefix. This lack is what I was talking about
above and actually has little to do with the interoperability of XML
Digital Signatures themselves, which we get to define.
>interoperability, not just "look, we came up with another format for
>an interesting type of data". This WG has the opportunity to make XML
>digsigs very useful, but if you can't even get them more
>interoperable than those in CMS or even PGP, they won't be very
>popular, which would be sad. (I say this as someone who holds his
>nose when I need to wade through ASN.1 but just wince when I have to
>use XML.)
Well, I don't really know just how much real world interoperability
there will be. If people use lots of complex/proprietary algorithms
(including transforms and canonicalization as well as crypto), there
may be hardly any.
While the design of XML is perfectly understandable, given its
origins, it is pretty signatgure unfriendly.
>--Paul Hoffman, Director
>--Internet Mail Consortium
Donald
Received on Thursday, 17 August 2000 08:35:04 UTC