Re: Link Extensions. Need "md5" or some kind of hash.

Subject: Re: Link Extensions. Need "md5" or some kind of hash.

From: Bob Wyman <bob@xxxxxxxx>

Date: Tue, 4 May 2010 16:50:27 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type; bh=nDeUZNy+rMDM0kxp6duuLh/KY6/aTk80VpFMwEs0bPc=; b=g+ZlQ5ON75sUmfNs0C++mJ4Phli+kjR9FuLxmgObwYfz8GCt8C/E6E+G7owRj14odY lYSHiTRKo/MkH/zizml3rqFvJ2fJU4S+5Xt78VmfusVHach1CX6MaqTLd5Xgo0ep7lKJ pR0TW/4ayuQ1kTxw9x1HPv8RWRt7gol9XL06s=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=up2OyWiexwQPUQ8Is4gFuQbf9yDJN90cUjcTIHtgd72DxDEs3g0A+brlqDqzOdhcb2 w+D3wtBoJ/QGcO+5Ge9OifpRS+OdvCY2zuf+1jTyzFgM4NfWDrIexgHvse2SM//BVUyc p84wvSJijhx2iagxJAdk/RSMn5mqtQcxlbnuI=

In-reply-to: <OFB0997B07.2F7457B9-ON85257719.007165E3-85257719.00718FD1@xxxxxxxxxx>

List-archive: <http://www.imc.org/atom-syntax/mail-archive/>

List-id: <atom-syntax.imc.org>

List-unsubscribe: <mailto:atom-syntax-request@imc.org?body=unsubscribe>

References: <y2m45be5cd41005041054g84783901s93762ddb7e1cfd7@xxxxxxxxxxxxxx> <OFB0997B07.2F7457B9-ON85257719.007165E3-85257719.00718FD1@xxxxxxxxxx>

Sender: owner-atom-syntax@xxxxxxxxxxxx

> doing some kind of canonicalization first

Right. That's one of the sweet things about Salmon's Magic Signature stuff. The idea is that you punt on canonicalizing the XML by just dumping it into a base64 blob. You then sign the blob, not the XML. As a result, all the canonicalization issues disappear and you've got a nice, easy to implement signature method.

See the draft for details: http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html

bob wyman

On Tue, May 4, 2010 at 4:40 PM, Richard Salz <rsalz@xxxxxxxxxx> wrote:

I have some concerns about hashing XML without doing some kind of
canonicalization first -- namely, will it work in practice? I don't know.
If it does, great, c14n is generally expensive.

We wrote a draft I-D on security processing for Atom nearly a year ago.
Not much interest anywhere, but I still think it's pretty good. :)

https://datatracker.ietf.org/idst/status.cgi?submission_id=17333

/r$

--
STSM, WebSphere Appliance Architect
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/