
Re: AW: Content Type for XML Objects



Jörg Schwenk <joerg.schwenk@xxxxxx> writes:

>- The problem now is that there are, up to my knowledge, at least two
>different C14N algorithms specified. So one OID will not do, because it has
>to tell the signature verification function how to process the XML data
>before hashing it.

Argh, no, this is exactly the same mistake that XMLdsig makes, and (one of)
the reasons why it's such a nightmare to implement (see
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt for the short form and
http://seattle.toorcon.org/2007/talks/bradhill.ppt for the version with full
orchestration and five part harmony).

The nice thing about S/MIME and PGP is that what's signed is "this string of
bits, exactly as is", without any need to perform impossible manipulations on
it first like XMLdsig requires.

>To sum up: I think we need a different OID for each C14N algorithm.

Only if we want to repeat XMLdsig's mistakes.  This is a chance to fix them,
not to perpetuate them.

Peter.
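An added illustration of the point argued above (example code written for this page, not from the thread or its authors): two byte-different but structurally identical XML documents hash differently when the raw octets are signed, as S/MIME and PGP do, and hash identically only after a canonicalisation step, which in turn only works if signer and verifier run the same C14N algorithm with the same parameters. It assumes the Python 3.8+ standard-library `canonicalize` (C14N 2.0) as a stand-in for "a C14N algorithm" and uses constructed sample documents.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # stdlib C14N 2.0, Python 3.8+

# Constructed sample documents: the same element/attribute content, serialised
# three different ways (XML declaration, comment, empty-element form, quote
# style, indentation whitespace).
DOC_A = b'<?xml version="1.0"?><order id="42"><item/><!-- note --></order>'
DOC_B = b"<order id='42'><item></item></order>"
DOC_C = b"<order id='42'>\n  <item/>\n</order>"


def raw_digest(data: bytes) -> str:
    """S/MIME and PGP model: hash exactly the octets that were transmitted."""
    return hashlib.sha256(data).hexdigest()


def c14n_digest(data: bytes, **c14n_options) -> str:
    """XMLdsig model: run a canonicalisation transform first, then hash its
    output.  c14n_options stands in for the algorithm identifier/parameters a
    signature would have to carry so the verifier can repeat the transform."""
    canonical = canonicalize(data.decode("utf-8"), **c14n_options)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def same_under_both(a: bytes, b: bytes, **c14n_options) -> dict:
    """Compare two serialisations under both signing models."""
    return {
        "raw_equal": raw_digest(a) == raw_digest(b),
        "c14n_equal": c14n_digest(a, **c14n_options) == c14n_digest(b, **c14n_options),
    }


def verifier_agrees(data: bytes, signer_options: dict, verifier_options: dict) -> bool:
    """Signer and verifier each canonicalise the same bytes; the digests only
    match if both ran the same algorithm with the same parameters."""
    return c14n_digest(data, **signer_options) == c14n_digest(data, **verifier_options)


if __name__ == "__main__":
    print(same_under_both(DOC_A, DOC_B))                     # raw False, c14n True
    print(same_under_both(DOC_B, DOC_C))                     # raw False, c14n False
    print(same_under_both(DOC_B, DOC_C, strip_text=True))    # raw False, c14n True
    print(verifier_agrees(DOC_C, {"strip_text": True}, {}))  # False
```

The last call is the failure mode the thread is about: the signer canonicalised with one setting, the verifier with another, and an otherwise valid signature no longer verifies, so the signature format has to name the exact transform, which the raw-octet model never needs.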