Edit comment LC-2503 for XML Security Working Group

Quick access to LC-2502 LC-2503 LC-2504

Comment LC-2503

Comment Shortname:

Commenter: Marcos Caceres <marcosscaceres@gmail.com>

Message-id:

Section of the document concerned:

[Free text description]Document as a wholeXML Signature Syntax and Processing Version 1.1 /**/... XML Signature Syntax and Processing Version 1.1 W3C Candidate Recommendation 03 March 2011 Abstract This document specifies XML digital signature proc... Status of This Document This section describes the status o... Table of Contents 1. Introduction 1.1 Editorial and Confo... 1. Introduction This document specifies XML syntax and proc... 1.1 Editorial and Conformance Conventions For readability,... 1.2 Design Philosophy The design philosophy and requirement... 1.3 Versions Namespaces and Identifiers This specification... 1.4 Acknowledgements The contributions of the members of th... 2. Signature Overview and Examples This section provides an... 2.1 Simple Example (Signature, SignedInfo, Methods, and Ref... 2.1.1 More on Reference [s05] <Reference URI="http://... 2.2 Extended Example (Object and SignatureProperty) This sp... 2.3 Extended Example (Object and Manifest) The Manifest ele... 3. Processing Rules The sections below describe the operati... 3.1 Signature Generation The required steps include the gen... 3.1.1 Reference Generation For each data object being signe... 3.1.2 Signature Generation Create SignedInfo element with... 3.2 Core Validation The required steps of core validation i... 3.2.1 Reference Validation Canonicalize the SignedInfo ele... 3.2.2 Signature Validation Obtain the keying information f... 4. Core Signature Syntax The general structure of an XML si... 4.1 The ds:CryptoBinary Simple Type This specification defi... 4.2 The Signature element The Signature element is the root... 4.3 The SignatureValue Element The SignatureValue element c... 4.4 The SignedInfo Element The structure of SignedInfo incl... 4.4.1 The CanonicalizationMethod Element CanonicalizationMe... Note 4.4.2 The SignatureMethod Element SignatureMethod is a requ... 4.4.3 The Reference Element Reference is an element that ma... 4.4.3.1 The URI Attribute The URI attribute identifies a da... 4.4.3.2 The Reference Processing Model Note: XPath is recom... Note 4.4.3.3 Same-Document URI-References Dereferencing a same-d... 4.4.3.4 The Transforms Element The optional Transforms elem... 4.4.3.5 The DigestMethod Element DigestMethod is a required... 4.4.3.6 The DigestValue Element DigestValue is an element t... 4.5 The KeyInfo Element KeyInfo is an optional element that... binary (ASN.1 DER) X.509 Certificate 4.5.1 The KeyName Element The KeyName element contains a st... 4.5.2 The KeyValue Element The KeyValue element contains a... 4.5.2.1 The DSAKeyValue Element Identifier Type="http://ww... http://www.w3.org/2000/09/xmldsig#DSAKeyValue 4.5.2.2 The RSAKeyValue Element Identifier Type="http://ww... http://www.w3.org/2000/09/xmldsig#RSAKeyValue 4.5.2.3 The ECKeyValue Element Identifier Type="http://www... http://www.w3.org/2009/xmldsig11#ECKeyValue 4.5.2.3.1 Explicit Curve Parameters The ECParameters elemen... 4.5.2.3.2 Compatibility with RFC 4050 Implementations that... 4.5.3 The RetrievalMethod Element A RetrievalMethod element... 4.5.4 The X509Data Element Identifier Type="http://www.w3.... http://www.w3.org/2000/09/xmldsig#X509Data 4.5.4.1 Distinguished Name Encoding Rules To encode a disti... 4.5.5 The PGPData Element Identifier Type="http://www.w3.o... http://www.w3.org/2000/09/xmldsig#PGPData 4.5.6 The SPKIData Element Identifier Type="http://www.w3.... http://www.w3.org/2000/09/xmldsig#SPKIData 4.5.7 The MgmtData Element Identifier Type="http://www.w3.... http://www.w3.org/2000/09/xmldsig#MgmtData 4.5.8 XML Encryption EncryptedKey and DerivedKey Elements T... 4.5.9 The DEREncodedKeyValue Element Identifier Type="http... http://www.w3.org/2009/xmldsig11#DEREncodedKeyValue 4.5.10 The KeyInfoReference Element A KeyInfoReference elem... 4.6 The Object Element Identifier Type="http://www.w3.org/... "http://www.w3.org/2000/09/xmldsig#Object" 5. Additional Signature Syntax This section describes the o... 5.1 The Manifest Element Identifier Type="http://www.w3.or... "http://www.w3.org/2000/09/xmldsig#Manifest" 5.2 The SignatureProperties Element   Identifier Type="htt... http://www.w3.org/2000/09/xmldsig#SignatureProperties 5.3 Processing Instructions in Signature Elements No XML pr... 5.4 Comments in Signature Elements XML comments are not use... 6. Algorithms This section identifies algorithms used with... 6.1 Algorithm Identifiers and Implementation Requirements T... *note: Note that the same URI is used to identify base64 bo... **note: The Enveloped Signature transform removes the Signa... 6.2 Message Digests This specification defines several poss... 6.2.1 SHA-1 Identifier: http://www.w3.org/2000/09/xmldsig#... http://www.w3.org/2000/09/xmldsig#sha1 6.2.2 SHA-256 Identifier: http://www.w3.org/2001/04/xmlenc... http://www.w3.org/2001/04/xmlenc#sha256 6.2.3 SHA-384 Identifier: http://www.w3.org/2001/04/xmldsi... http://www.w3.org/2001/04/xmldsig-more#sha384 6.2.4 SHA-512 Identifier: http://www.w3.org/2001/04/xmlenc... http://www.w3.org/2001/04/xmlenc#sha512 6.3 Message Authentication Codes MAC algorithms take two im... 6.3.1 HMAC Identifier: http://www.w3.org/2000/09/xmldsig#h... http://www.w3.org/2000/09/xmldsig#hmac-sha1 http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 6.4 Signature Algorithms Signature algorithms take two impl... 6.4.1 DSA Identifier: http://www.w3.org/2000/09/xmldsig#ds... http://www.w3.org/2000/09/xmldsig#dsa-sha1 http://www.w3.org/2009/xmldsig11#dsa-sha256 Security considerations regarding DSA key sizes 6.4.2 RSA (PKCS#1 v1.5) Identifier: http://www.w3.org/2000... http://www.w3.org/2000/09/xmldsig#rsa-sha1 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 Security considerations regarding RSA key sizes 6.4.3 ECDSA Identifiers: http://www.w3.org/2001/04/xmldsig... http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 6.5 Canonicalization Algorithms If canonicalization is perf... 6.5.1 Canonical XML 1.0 Identifier for required Canonical... 6.5.2 Canonical XML 1.1 Identifier for required Canonical... 6.5.3 Exclusive XML Canonicalization 1.0 Identifier for Ex... 6.6 Transform Algorithms A Transform algorithm has a single... 6.6.1 Canonicalization Any canonicalization algorithm that... 6.6.2 Base64 Identifiers: http://www.w3.org/2000/09/xmldsi... http://www.w3.org/2000/09/xmldsig#base64 6.6.3 XPath Filtering Identifier: http://www.w3.org/TR/199... Function: node-set here() 6.6.4 Enveloped Signature Transform Identifier: http://www... http://www.w3.org/2000/09/xmldsig#enveloped-signature 6.6.5 XSLT Transform Identifier: http://www.w3.org/TR/1999... 7. XML Canonicalization and Syntax Constraint Consideration... 7.1 XML 1.0 Syntax Constraints, and Canonicalization XML 1.... 7.2 DOM/SAX Processing and Canonicalization In addition to... 7.3 Namespace Context and Portable Signatures In [XPATH] an... 8. Security Considerations The XML Signature specification... 8.1 Transforms A requirement of this specification is to pe... 8.1.1 Only What is Signed is Secure First, obviously, signa... 8.1.2 Only What is "Seen" Should be Signed Additionally, th... 8.1.3 "See" What is Signed Just as a user should only sign... 8.2 Check the Security Model This specification uses public... 8.3 Algorithms, Key Lengths, Certificates, Etc. The strengt... 8.4 Error Messages Implementations should not provide detai... 9. Schema 9.1 XSD Schema XML Signature Core Schema Instan... 9.1 XSD Schema XML Signature Core Schema Instance xmldsig... 9.2 RNG Schema This section is non-normative. Non-normative... 10. Definitions Authentication Code (Protected Checksum) A... Authentication Code Protected Checksum Authentication, Message Authentication, Signer Checksum Core Data Object Integrity Object Resource Signature Signature, Application Signature, Detached Signature, Enveloping Signature, Enveloped Transform Validation, Core Validation, Reference Validation, Signature Validation, Trust/Application A. References Dated references below are to the latest know... A.1 Normative references [ECC-ALGS] D. McGrew, K. Igoe, M.... [ECC-ALGS] [FIPS-180-3] [FIPS-186-3] [HMAC] [HTTP11] [LDAP-DN] [NFC] [OCSP] [PGP] [PKCS1] [RFC2045] [RFC2119] [RFC3279] [RFC3406] [RFC4051] [RFC4055] [RFC5280] [RFC5480] [SP800-57] [URI] [URN] [URN-OID] [UTF-8] [X509V3] [XML-C14N] [XML-C14N11] [XML-EXC-C14N] [XML-MEDIA-TYPES] [XML-NAMES] [XML10] [XMLDSIG-XPATH-FILTER2] [XMLENC-CORE1] [XMLSCHEMA-1] [XMLSCHEMA-2] [XPATH] [XPTR-ELEMENT] [XPTR-FRAMEWORK] [XSL10] [XSLT] A.2 Informative references [ABA-DSIG-GUIDELINES] Digital S... [ABA-DSIG-GUIDELINES] [CVE-2009-0217] [DOM-LEVEL-1] [IEEE1363] [RANDOM] [RDF-PRIMER] [RELAXNG-SCHEMA] [RFC4050] [RFC4949] [SAX] [SHA-1-Analysis] [SHA-1-Collisions] [SOAP12-PART1] [UTF-16] [XHTML10] [XML-Japanese] [XMLDSIG-BESTPRACTICES] [XMLDSIG-CORE] [XMLDSIG-REQUIREMENTS] [XMLSEC-RELAXNG] [XMLSEC11-REQS] [XPTR-XMLNS] [XPTR-XPOINTER] [XPTR-XPOINTER-CR2001]
or

Refinement of the section concerned:

Status:

open proposal pending resolved_yes resolved_no resolved_partial other assigned to Nobody

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

On Mon, Jun 20, 2011 at 3:21 PM, Cantor, Scott E. <cantor.2@osu.edu> wrote:
> On 6/20/11 8:37 AM, "Marcos Caceres" <marcosscaceres@gmail.com> wrote:
>>Is there some means to explicitly indicate the order in which
>>certificates in an xml dig sig file should be processed? The problem
>>is that if you screw up the certificate order in the xml file, the
>>validator (e.g,. xmlsec) does not know which cert is the end-entity.
>
> BP is EE first, the rest after (and technically the order of the rest
> isn't supposed to matter).

Can I get an assurance from the XML Sec working group that a
non-normative note will be added to the XML Dig Sig specification wrt
to this best practice? Please consider this comment implementer
feedback on the CR.

Related issues: (space separated ids)

WG Notes: minutes - http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/att-0058/minutes-2011-06-28.html#item09 wg email response - http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0059.html

Resolution: No explanation should be added to XML Signature 1.1 on X.509 certificate usage as this is out of scope, but possibly add information on this topic to XML Signature Best Practices document, http://www.w3.org/TR/2010/WD-xmldsig-bestpractices-20100831/

(Please make sure the resolution is adapted for public consumption)