At 12:11 PM 3/26/2003 +0000, kare...@esat.kuleuven.ac.be wrote:
[...]
IMHO, the XML and the transform should be signed, and the rest should be
left to be specified by people who adopt this standard.
I think it's better to sign 2 references, one to the raw document, one that
applies transform(s) to make the raw document human-readable:
<Reference URI="#SomeDocument">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
</Reference>
<Reference URI="#SomeDocument">
<Transforms>
<Transform Algorithm="http://www.someplace.org/SomeTransform"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Q52xy4a9289mvDl1up4sbEVU89x=</DigestValue>
</Reference>
Looking at the XML-DSIG spec, I don't see any mention of signing
transforms. Instead, usually transforms shouldn't need to be
signed/verified, since the data is signed after going through them, so a
change/corruption of the transform will invalidate the signature.
I guess you're proposing something like this?, where both the document and
transform are signed? -
<Reference URI="#SomeDocument">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
</Reference>
<Reference URI="#http://www.w3.org/SomeTransform">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Q52xy4a9289mvDl1up4sbEVU89x=</DigestValue>
</Reference>
However in this case, suppose multiple documents (#SomeDocument1,
#SomeDocument2, etc.) were signed. And suppose there are multiple
transforms. How would it be clear which transforms apply to which
documents? Moreover, if you sign only the transforms, not the transformed
data, then there's wiggle-room for the signer to try to claim that he
applied the transform differently than the verifier (suppose the transform
references time-sensitive data somehow).
Also, what about in the case above, where the transform might not be a
stylesheet, but might be described algorithmically by a text document
referenced by a URI that may not even be a URL - i.e. there may not be data
describing the transform that is signable. Even if there is, it may be a
human-readable document subject to revisions (which would invalidate a
signature), or it may be quite large, which would make signing/verifying
unwieldy, and in any case add a network dependency, since the verifier will
only be able to verify the document as long as the site stays up.
So I think signing data after it's transformed is much more in accord with
how XML-DSIG was designed to work, and in the case where we want to sign
both human-readable and machine-readable views on some data, it's easiest
to do that with different ds:References, each applying whatever transforms
are appropriate to the same underlying data.
Trevor
63 messages in org.oasis-open.lists.dssRE: [dss] Groups - dss-requirements-1...
.bin