IRC log of xmlsec on 2007-09-25

Timestamps are in UTC.

15:57:53 [RRSAgent]
RRSAgent has joined #xmlsec
15:57:53 [RRSAgent]
logging to
15:57:59 [tlr]
Meeting: XML Security Workshop
15:58:07 [ht]
Scribe: Henry S. Thompson
15:58:11 [ht]
ScribeNick: ht
15:58:20 [tlr]
bridge is setup
15:58:36 [Zakim]
15:59:08 [Zakim]
15:59:17 [ht]
15:59:59 [smullan]
smullan has joined #xmlsec
16:00:10 [esimon2]
esimon2 has joined #xmlsec
16:00:36 [esimon2]
Hi, I've phoned in and can hear voices; not sure if you can hear me.
16:00:43 [tlr]
we haven't heard you so far
16:00:51 [esimon2]
I'm talking now.
16:00:56 [tlr]
we don't hear you
16:01:22 [esimon2]
Don't worry too much about not hearing me, I'll type in anything I need to say.
16:01:28 [esimon2]
I can hear you.
16:02:20 [esimon2]
I can hear you.
16:02:23 [ht]
We can't hear you :-(
16:02:37 [esimon2]
Don't worry too much about not hearing me, I'll type in anything I need to say.
16:02:54 [PHB]
Wait a mo, Chris will turn on the voice from God feature
16:02:56 [PHB]
Speak now
16:03:05 [ht]
you can stop now
16:03:07 [esimon2]
I'm countin
16:04:12 [esimon2]
Was there a web link to see slides; I think Phill had mentioned something about a Sharepoint server. Again, if it is not set up, that is fine. I'm OK with just listening in.
16:04:54 [esimon2]
Yes, I can hear Frederick.
16:05:12 [Zakim]
16:06:42 [hiroki]
hiroki has joined #xmlsec
16:06:47 [Zakim]
16:07:40 [tlr]
16:08:06 [ht]
FH: The purpose is not to do the work here, but to decide if and how to take work forward -- how much interest is there in participating in a follow-on to the XMLSec Maint WG -- what would the charter look like, what issues we would addresss
16:08:20 [ht]
... We will use IRC to log and to provide background info
16:08:36 [sdw]
sdw has joined #xmlsec
16:08:48 [ht]
Chair: Frederick Hirsch
16:09:17 [ht]
s/The purpose/The purpose of this workshop/
16:10:43 [MikeMc]
MikeMc has joined #xmlsec
16:10:48 [ht]
ht has changed the topic to: Agenda:
16:11:26 [ht]
FH: Please consider joining the XMLSecMaint WG
16:11:39 [ht]
... Weekly call, interop wkshp on Thursday
16:11:54 [ht]
... Thanks to the members of the WG who reviewed papers for this workshop
16:12:48 [ht]
ThomasRoessler: Existing WG has a limited charter, maintenance work only
16:12:58 [esimon2]
I can hear very well, thanks.
16:13:11 [ht]
... ALso chartered to propose a charter for a followon WG
16:13:37 [ht]
... We won't draft a charter at this workshop, but we hope to produce a report which indicates support and directions
16:13:44 [gpilz]
gpilz has joined #xmlsec
16:13:49 [ht]
... That in turn will turn into a charter, if the outcome is positive
16:14:12 [ht]
... Which then goes to the Advisory Committee for a decision
16:14:23 [ht]
... The timescale is next year and beyond
16:15:17 [ht]
s/what?/Topic: Introduction/
16:15:42 [ht]
TR: [walks throught the agenda]
16:17:04 [ht]
Attendance: approx. 25 people in the room
16:19:47 [ht]
TR: Slides which are on the web, drop URI here; otherwise send in email to and
16:22:25 [FrederickHirsch]
FrederickHirsch has joined #xmlsec
16:25:05 [FrederickHirsch]
zakim, who is here?
16:25:06 [Zakim]
On the phone I see [Workshop], Ed_Simon
16:25:06 [Zakim]
On IRC I see FrederickHirsch, gpilz, MikeMc, sdw, hiroki, esimon2, RRSAgent, ht, rdmiller, tlr, trackbot-ng, Zakim
16:25:25 [esimon2]
I spoke, did you hear me?
16:25:38 [tlr]
ed, you were 100% clear
16:27:02 [cgi-irc]
cgi-irc has joined #xmlsec
16:27:12 [FrederickHirsch]
16:27:45 [ht_]
ht_ has joined #xmlsec
16:27:52 [ht_]
[Talks will not be scribed, scribing will resume for discussion]
16:28:14 [tlr]
16:29:17 [cgi-irc]
zakim, cgi-irc is brich
16:29:17 [Zakim]
sorry, cgi-irc, I do not recognize a party named 'cgi-irc'
16:29:29 [tlr]
bruce, don't worry. ;)
16:30:00 [klanz2]
klanz2 has joined #xmlsec
16:32:33 [klanz2]
test ...
16:33:35 [FrederickHirsch]
can use xslt and xpath2.0 to create signature malware
16:38:43 [esimon2]
Audio has ended for me.
16:38:58 [MikeMc]
we can tellsomething changed - phil is looking into it
16:39:08 [esimon2]
audio is back!
16:39:16 [MikeMc]
switched mics
16:39:47 [FrederickHirsch]
ed do you have audio now?
16:41:42 [ht_]
[Following is approximate, apologies for mistakes]
16:41:45 [ht_]
Attendance: Frederick Hirsch, Konrad Lanz, Juan Carlos Cruelas, Bruce Rich, Mike McIntosh, Hugo Krawczyk, Gilbert Pilz, Hiroki Ito, Brad Hill, Rob Miller, Jeannine Schmidt, Henry Thompson, Sean Mullan, Gary Chung, Michael Leventhal, Steven Williams, Pratik Data, ? Chen, Phillip Hallam-Baker, Thomas Roessler, Ed Simon (via phone)
16:45:52 [ht_]
TR: Questions of clarification
16:46:12 [ht_]
FH: Restricting to only a few transformations?
16:46:32 [ht_]
BH: Yes, restrict to just small well-known set
16:47:10 [ht_]
SC: Mostly to implementations, rather than specs
16:47:18 [smullan]
smullan has joined #xmlsec
16:47:29 [ht_]
... Need to reduce the attack surface of implementations
16:47:39 [ht_]
... so we need an implementors guide, right?
16:48:12 [ht_]
BH: Right
16:48:39 [ht_]
KL: XSLT should default to _dis_able features, not _en_able
16:49:26 [ht_]
s/Sean Mullan/Scott Cantor, Sean Mullan/
16:50:01 [ht_]
s/Pratik Data/Pratik Datta/
16:50:46 [tlr]
16:55:04 [tlr]
zakim, code?
16:55:04 [Zakim]
the conference code is 965732 (tel:+1.617.761.6200 tel:+ tel:+44.117.370.6152), tlr
16:59:02 [esimon2]
Ed's comment: If the structure of a document is important to the meaning of the document (as shown in the examples), then signing by ID (which is movable) is insufficient.
16:59:22 [ht_]
BH: How would you compare doing a hashed retrieval compared to ???
17:00:02 [esimon2]
Presentation highlights the need to rethink the XPointer functionality.
17:00:05 [ht_]
[scribe didn't get the question]
17:00:25 [ht_]
MM: Apps certainly need to interact better with signature processing
17:01:07 [ht_]
... Need for overlapping signatures implies a need for a signature object model, so you can iterate over all the signatures and treat them independently
17:02:18 [esimon2]
Ed says: I don't know that apps need to interact with signature processing better; rather, apps need to ensure the signatures they use sign all the critical information -- content as well as structure.
17:02:32 [ht_]
TR: Open up discussion of security vulnerabilities, other than crypto
17:03:17 [ht_]
MM: It's a pain that I have to encrypt the signature block
17:04:42 [tlr]
MM: DigestValue should be optional
17:04:55 [ht_]
ScribeNick: tlr
17:05:07 [klanz2]
17:05:52 [tlr]
ack klanz
17:06:34 [tlr]
MM: presence of DigestValue means that plaintext guessing attack is possible if plaintext encrypted
17:06:51 [tlr]
... therefore, would have to encrypt the signature as well ...
17:06:55 [tlr]
FH: why is tha tpainful?
17:06:58 [tlr]
MM: tried xml ecn?
17:07:01 [tlr]
17:07:37 [FrederickHirsch]
Konrad: having digest necessary for manifest procesing
17:07:51 [FrederickHirsch]
Scott: should be optional to have digests
17:08:18 [FrederickHirsch]
Konrad: also verification on constant parts that are archived separately etc
17:08:29 [tlr]
klanz: Know of manifest use in electronic billing context
17:10:08 [ht]
s/Datta/Datta, Corinna Witt, Jeff Hodges, Jimmy Zhang/
17:11:59 [klanz2]
17:12:17 [klanz2]
Signing XML Documents and the Concept of “What You See Is What You Sign”
17:12:47 [tlr]
scott: need profiles *and* implementation guidelines
17:13:25 [klanz2]
17:14:45 [FrederickHirsch]
frederick: asks about clarifying what implementation guide is versus profiling
17:15:12 [FrederickHirsch]
Scott: need to have hooks in code that enable best practices to be followed ,implementation guide
17:15:55 [FrederickHirsch]
... for example, saying signature is valid isn't enough if you are not sure what has been signed, hooks may be needed for this
17:16:59 [klanz2]
ack klanz2
17:17:05 [klanz2]
17:18:49 [esimon2]
Ed: I am OK with just listening in and typing comments on IRC. No need to complicate things for others on my account.
17:19:46 [klanz2]
17:19:52 [FrederickHirsch]
Symon: policy can be used to limit what is done with xml security, anohter approach to avoid problems
17:20:29 [FrederickHirsch]
ack klanz
17:20:59 [FrederickHirsch]
discussion as to whether xmlsig spec is broken
17:21:14 [esimon2]
The XSLT 2.0 specification mentions a number of security considerations dealing with issues raised earlier.
17:21:31 [esimon2]
Agree with Konrad.
17:22:24 [tlr]
Hal Lockhart presenting; slides later
17:23:48 [esimon2]
17:24:24 [tlr]
17:25:01 [esimon2]
Thanks very much.
17:27:12 [jcc]
jcc has joined #xmlsec
17:37:55 [FrederickHirsch]
hal: notes various issues have been document in ws-security, ws-i basic security profile and other places
17:38:08 [FrederickHirsch]
frederick: also liberty alliance work
17:41:53 [klanz2]
17:42:09 [FrederickHirsch]
ack klanz2
17:42:36 [FrederickHirsch]
klanz2: false negatives will be perceived very badly
17:43:21 [FrederickHirsch]
... need to focus on what you see is what you sign, then false negatives main issue
17:43:32 [FrederickHirsch]
hal: agrees
17:44:34 [FrederickHirsch]
hal: challenge is interface between applicatoin and security processing to get proper security for applciation
17:45:23 [FrederickHirsch]
henry thomson: liaison issues - schema, processing model wg,
17:45:48 [FrederickHirsch]
... say to validate you must decrypt, perhaps
17:45:57 [klanz2]
17:47:08 [esimon2]
I agree, I think, with Henry re his comments about XPointer to help resolve the ID issue.
17:47:15 [FrederickHirsch]
... re id issue , maybe new xpointer version?
17:47:50 [ht]
s/xpointer version/xpointer scheme/
17:48:12 [FrederickHirsch]
scott: +1 to klanz, concern about false positivies, issues for adoption
17:48:26 [FrederickHirsch]
ack klanz2
17:48:30 [FrederickHirsch]
ack klanz
17:48:40 [FrederickHirsch]
ack klanz
17:49:28 [FrederickHirsch]
scott: most xml processing is not schema aware, xsi:type is not visible to processing
17:50:24 [FrederickHirsch]
ht: would issue be solved if sig re-worked to be signing of Infosets
17:52:03 [FrederickHirsch]
klanz: tradeoff performance & infoset signing
17:53:47 [PHB]
PHB has joined #xmlsec
17:54:19 [PHB]
18:02:22 [FrederickHirsch]
ack PHB
18:02:59 [FrederickHirsch]
PHB: could use some examples of difference between infoset and current signing approach. What is really different.
18:05:43 [Symon]
Symon has joined #xmlsec
18:06:08 [tlr]
18:30:58 [tlr]
ScribeNick: tlr
18:31:03 [tlr]
Topic: cryptographic aspects
18:31:27 [tlr]
18:31:35 [tlr]
Hugo Krawczyk presenting
18:31:46 [MikeMc]
the slides for this session are at
18:32:47 [tlr]
hugo: post-wang trauma, how do we deal with it...
18:33:01 [MikeMc]
actually - the papers are there - not the slides - sorry
18:33:22 [tlr]
slides are at the link I gave above
18:33:42 [sean]
sean has joined #xmlsec
18:35:55 [sean]
sean has joined #xmlsec
18:36:06 [FH]
FH has joined #xmlsec
18:36:36 [tlr]
zakim, who is on the phone?
18:36:36 [Zakim]
On the phone I see [Workshop], Ed_Simon
18:36:58 [FH]
zakim, who is here?
18:36:58 [Zakim]
On the phone I see [Workshop], Ed_Simon
18:36:59 [Zakim]
On IRC I see FH, sean, Symon, PHB, jcc, smullan, ht, cgi-irc, gpilz, MikeMc, sdw, hiroki, esimon2, RRSAgent, rdmiller, tlr, trackbot-ng, Zakim
18:48:13 [FrederickH]
FrederickH has joined #xmlsec
18:48:21 [klanz2]
klanz2 has joined #xmlsec
18:49:14 [tlr]
hal: any attacks for which we need to check whether random strings are diferent?
18:49:25 [tlr]
hugo: critical for the signer to check that these strings are different
18:49:35 [tlr]
hal: if random value same for every signature, then can do offline attacks
18:49:51 [tlr]
mike: every time you create new signature, you create new value
18:49:58 [tlr]
hal: how important is it to the verifier that this is the case?
18:50:05 [tlr]
... suppose there's no real signer, just a blackhat sending messages ...
18:50:15 [tlr]
... do you have to keep track of fact that he sends same random number? ...
18:50:53 [tlr]
hugo: if you don't find 2nd preimage on one-way function, then attacker can't
18:51:03 [tlr]
hal: thinking about guessing attack or so
18:51:17 [tlr]
... there are attacks against CBC if IV isn't always different ...
18:51:30 [tlr]
hugo: uniqueness of randomness per signature is not requirement
18:51:41 [tlr]
... requirement is that the attacker must not know randomness that legitimate signer is going to use ...
18:52:09 [tlr]
... question is a valid concern, though ...
18:52:14 [tlr]
... in this case, there's no more to it ..
18:52:36 [tlr]
phb: fuzzy about what security advantage is ...
18:52:55 [tlr]
... we're nervous about hash functions for which malicious signer can create signature collisions ...
18:53:01 [tlr]
... that's attack we're concerned with ...
18:53:26 [tlr]
... randomness proposal makes this the same difficulty as the legitimate signer signing document, and attacker tries to do duplicate ...
18:53:44 [tlr]
... how does this make anything more secure against malicious signers? ...
18:54:04 [tlr]
hugo: technique does not prevent legitimate signer from finding two messages that have same hash value ...
18:54:17 [tlr]
... legitimate (not honest) signer could in principle find two messages that map to same hash value ...
18:54:26 [tlr]
... can't be case if hash function is collision resistant ..
18:54:33 [tlr]
... if it isn't, problem could in principle occur ...
18:54:48 [tlr]
... if you receive message with signature, then signer is committed to that signature ...
18:55:01 [tlr]
... (example) ...
18:56:12 [tlr]
... point is: every message that has legitimate signature commits signer ...
18:56:41 [tlr]
... note that hash function might be collision-resistant, but signature algo might not be ...
18:57:15 [tlr]
hal: attack is to get somebody to sign a document, and have that signature make something else
18:57:19 [tlr]
phb: ok, now i get it
18:57:28 [tlr]
... more relevant to XML than certificate world ...
18:58:02 [tlr]
"not *any* randomness" backup slide
18:58:40 [tlr]
phb: what I can see as attractive here is -- once SHA3 discussions -- ....
18:59:01 [tlr]
... instead of having standard compressor, have compressor, MAC, randomized digest all at once ...
18:59:04 [tlr]
... with parameters ...
18:59:49 [tlr]
frederick: time!
19:00:13 [tlr]
hugo: re nist doc, it applies to any hash function
19:00:32 [tlr]
... exactly like CBC and block cyphers ...
19:01:12 [FrederickH]
19:01:48 [tlr]
mcIntosh on implementing it
19:02:04 [tlr]
... implemented preprocessing as Transform
19:02:29 [tlr]
(occurs after c14n on slide)
19:07:50 [tlr]
19:08:54 [tlr]
hugo: rsa-pss doesn't solve same problem as previous randomization scheme ...
19:08:57 [tlr]
... orthogonal problem ...
19:09:01 [tlr]
konrad: ack
19:14:16 [FrederickH]
second hash function in diagram for RSA-PSS
19:21:35 [FrederickH]
tlr: asks about unique urls for two different randomizations, yet could they be combined?
19:22:03 [FrederickH]
e.g. RSA-PSS vs Randomized hashing as described by Hugo
19:22:07 [tlr]
tlr: these are two different randomization schemes, they're orthogonal to each other, yet both affect the same URI space to be addressed
19:22:15 [tlr]
... so the proposed integrations can't be integrated ...
19:22:25 [tlr]
konrad: ??
19:22:30 [tlr]
hugo: streaming issue (?)
19:22:56 [tlr]
s/??/maybe can share randomness between two approaches/
19:23:20 [tlr]
s/streaming issue (?)/want randomness in different places from ops perspective; streaming issue/
19:27:20 [FrederickH]
sean: why did tls not adopt RSA-PSS
19:27:58 [FrederickH]
hugo: inertia, people also are staying with SHA-! versus SHA-256
19:29:27 [FrederickH]
phill: tls different in terms requirements it is meeting. Documents different than handshake reuqiremnets
19:30:10 [tlr]
konrad: moving defaults...
19:30:12 [tlr]
... time for that
19:31:15 [tlr]
zakim, who is on the phone?
19:31:16 [Zakim]
On the phone I see [Workshop], Ed_Simon
19:31:40 [tlr]
19:31:47 [tlr]
jeanine schmidt presenting.
19:32:41 [tlr]
jeanine: Crypto Suite B algorithms ...
19:32:45 [tlr]
... regrets from Sandi ...
19:34:57 [FrederickH]
use of 1024 through 2010 by NIST, indicates potential key size growth issue
19:35:46 [FrederickH]
ecc offers benefits for key size and processing
19:36:33 [tlr]
looking for convergence of standards in suite B
19:37:02 [FrederickH]
NSA would like to see Suite B incorporated in XML Security
19:37:28 [FrederickH]
DoD requirements aligned with this
19:38:27 [tlr]
details could be worked out in collaboration
19:39:10 [tlr]
hugo: specifically saying key agreement is ECDH?
19:39:15 [tlr]
jeanine: yes, preliminarily
19:39:22 [tlr]
hugo: IP issue behind not talking about ECMQV?
19:39:31 [tlr]
jeanine: yeah, that's an issue ...
19:39:36 [tlr]
... but ECDH might be more appropriate algorithm for XML ...
19:39:44 [tlr]
... whether one or both is a question for future work ...
19:39:50 [tlr]
hugo: Can you make this analysis available?
19:40:08 [tlr]
jeanine: this is something that should be worked out betw w3c and nsa
19:40:12 [tlr]
... preliminary recommendation ...
19:40:35 [tlr]
tlr: w3c would need to mean "community as a whole"
19:40:50 [tlr]
frederick: I hear "nsa could participate in WG"?
19:40:52 [tlr]
jeanine: yes
19:41:03 [tlr]
phb: ECC included with recent versions of Windows ...
19:41:10 [tlr]
... doesn't believe they've licensed that from Certicom ...
19:41:16 [tlr]
... given MS's caution in areas to do with IP ...
19:41:23 [tlr]
... maybe ask them how they navigate this particular minefield ...
19:41:36 [tlr]
... if there is a least encumbered version ...
19:41:45 [tlr]
... then will follow the unencumbered path ...
19:41:56 [tlr]
hal: what is involved here in terms of spec?
19:42:02 [tlr]
jeanine: primarily identifiers
19:42:48 [tlr]
frederick: some unifying effort for identifiers might be needed
19:43:04 [tlr]
konrad: spirit of specs is to reuse identifiers
19:43:18 [tlr]
frederick: also recommended vs required
19:43:43 [FrederickH]
rfc 4050 has identifiers
19:43:46 [tlr]
sean: in RFC 4054, there's already identifiers for ECDSA with SHA-1
19:44:13 [tlr]
phb: keyprov would like to track down as many of algo ids as possible
19:44:26 [tlr]
... if you have uncovered any (OIDs, URIs), please send a link
19:44:34 [tlr]
hal: start with gutmann's list
19:44:42 [tlr]
frederick: please share with xmlsec WG
19:44:50 [sean] has URIs for ECDSA-SHA1
19:45:01 [tlr]
frederick: what is next step for NSA at this point -- see what happens here?
19:45:05 [tlr]
jeanine: yes
19:45:38 [tlr]
lunch break; reconvene at 1:30
19:46:12 [esimon2]
19:46:28 [tlr]
reconvene: 1:45
20:06:39 [Zakim]
20:18:17 [smullan]
smullan has joined #xmlsec
20:45:12 [Zakim]
20:46:42 [esimon2]
I am on the call.
20:47:54 [sdw]
scribe: sdw
20:48:13 [esimon2]
are slides available online?
20:49:14 [sdw]
Must Implement
20:49:30 [sdw]
A-la-cart - Combinatorial explosion
20:50:08 [sdw]
Hidden Constraints: Often not any to any for implementations
20:51:33 [tlr]
20:51:57 [esimon2]
20:51:58 [sdw]
Result: many variations to test, many configurations for analysis, deviation from specification
20:52:28 [sdw]
Proposal: Quantum Profiles
20:53:02 [sdw]
Unique URI for profile that fully specifies choices at each level.
20:55:46 [sdw]
Discrete options combinations, modes are more complicated.
20:59:09 [sdw]
Negotiation of specific combinations.
20:59:29 [sdw]
URIs that are intentionally opaque, not sub-parsed.
21:02:11 [FrederickH]
sdw: a possible analogy is font strings in X11
21:02:57 [FrederickH]
konrad: would be useful to have uri's that indicate strength (eg weakest key length)
21:02:59 [sdw]
Partial ordering of profiles may make sense, but might not be good.
21:03:58 [smullan]
smullan has joined #xmlsec
21:04:15 [sdw]
Meeting certain requirements, such as for a country, may be more of a private profile, possibly including country name, for instance.
21:04:42 [sdw]
Hugo: Are you making similar proposals in other groups such as IETF?
21:05:43 [sdw]
Phillip: This is something that I would like to take up in other groups. The problem with IETF is that we're dealing with protocols that already have slots for OIDs and it would be difficult to see how to go forward with ASN-based infrastructure and change.
21:06:21 [sdw]
Where picking profiles, CFIG and other groups would likely participate to define OIDs, etc. for certain coherent suites.
21:06:53 [sdw]
How is that approach applicable to signature? We are already in A-la-carte situation.
21:10:23 [sdw]
Presentation: The Importance of incorporating XAdES extensions into ongoing XML-Sig work
21:13:24 [FrederickHirsch]
FrederickHirsch has joined #xmlsec
21:13:48 [tlr]
21:13:48 [esimon2]
21:13:57 [esimon2]
21:14:15 [ht]
Agenda now has more slide pointers. . .
21:14:47 [FH]
FH has joined #xmlsec
21:14:49 [gpilz]
gpilz has joined #xmlsec
21:16:06 [sdw]
Defines XAdES forms that incorporates specific combinations of properties.
21:16:28 [FH]
21:17:11 [sdw]
Use of these profiles allows much later use and auditing of signed data.
21:18:07 [FH]
jcc slides
21:21:02 [sdw]
Supports signer, verifier, and storage service.
21:23:46 [sdw]
Signature policy identifier references specific rules that are followed when generating and verifying signature.
21:24:00 [sdw]
Includes digest of policy document.
21:26:50 [sdw]
SignatureTimeStamp verifies that signature was performed earlier.
21:27:17 [sdw]
CompleteCertificateRefs has references to certificates in certpath that must be checked.
21:31:38 [sdw]
Has change been made to change countersignatures to include whole message rather than just original signature?
21:31:47 [sdw]
Don't believe that has been done yet.
21:34:24 [sdw]
Report in ETSI summarizes state of current cryptographic algorithms and makes certain recommendations.
21:35:40 [sdw]
Only minor changes to the standards are in process.
21:39:12 [sdw]
Can individuals use these signatures with the force of laws?
21:41:47 [sdw]
Depends on legal system: Rathole.
21:42:36 [esimon2]
21:47:16 [sdw]
Presentation: XML Signature Performance and One-Pass Processing issues
21:47:30 [klanz2]
klanz2 has joined #xmlsec
21:48:14 [sdw]
DOM provided good implementation but has performance issues
21:50:20 [sdw]
Event processing requires one or more passes.
21:51:12 [sdw]
Two passes, 1+, cache all elements with ID, or use profile-specific knowledge
21:56:04 [sdw]
Signature information needed before data vs. signature data etc. needed after data.
21:56:12 [sdw]
Can't do with current XML Signature standards.
21:57:38 [sdw]
XML DSig Streaming Impl.: STaX, JSR 105 API, exclusive C14N, forward references, enveloping signatures, Bas64 transform
21:58:28 [FH]
sean: recommend best practices for streaming implementations
21:58:47 [sdw]
Apache project...
21:59:07 [FH]
hal: integrity protecting data stream?
21:59:15 [FH]
... example is movie
22:00:09 [FH]
ht: w3c xml pipelining language wg
22:01:00 [FH]
22:01:08 [sdw]
22:02:22 [ht]
ack FH
22:03:27 [ht]
ack sdw
22:03:39 [klanz2]
22:04:21 [FH]
steve: xml fragments are similar to streaming, but can sign/integrity protect fragments
22:04:34 [FH]
s/similar to/can be used in/
22:06:58 [ht]
ScribeNick: ht
22:07:44 [ht]
FH: The combination of streaming and signature is odd -- you can't release the beginning of the document until you've verified the signature at the end
22:07:54 [FH]
pratik: streaming is for performance, rationale for doing it
22:08:14 [FH]
one point I was making is that sometime you do not need integrity protection for streaming, e.g. in cases where it is ok to drop data
22:08:46 [ht]
HT: Following on, it's precisely for that reason that not doing signature generation is at least odd, since in that case you surely can ship the beginning of the doc while still working on the signature
22:09:18 [FH]
brad: +1 to pratik, value of streaming is performance
22:09:40 [ht]
various: Dispute the relevance of signature to streaming XML and/or dispute the value of streaming at all
22:10:30 [hal]
hal has joined #xmlsec
22:11:00 [ht]
HT: Requirements on XML Pipeline to support streaming of simple XML operations, interesting to understand how to integrate some kind of integrity confirmation _while_ streaming XML
22:11:51 [FH]
s/FH: The combination/?? The combination/
22:12:08 [jcc]
jcc has joined #xmlsec
22:12:08 [esimon2]
Audio seems to be dead.
22:12:30 [esimon2]
yes i can, thanks
22:12:42 [sdw]
Streaming is important in memory constrained or bandwidth / processing constrained applications.
22:13:11 [esimon2]
Yes, thanks.
22:14:17 [ht]
RRSAgent, pointer
22:14:17 [RRSAgent]
22:15:24 [FH]
scott: notes adoption in scripiting languages an issue, using c library not good enough
22:15:39 [FH]
jeff: example is use of XMLSig is barrier to saml adoption in OpenID
22:18:16 [FH]
peter gutman, "why xml security is broken"
22:18:50 [FH]
22:18:54 [FH]
22:19:51 [FH]
Scott: Liberty Alliance worked at producing xml signature case that addresses many of the threats discussed.
22:20:02 [FH]
22:20:59 [FH]
scott: need simpler way of conveying bare public keys
22:21:10 [FH]
... eg pem block
22:21:43 [tlr]
22:21:43 [bhill]
bhill has joined #xmlsec
22:22:29 [FH]
scott: Retrieval method point to KeyInfo or child, issue with spec
22:26:03 [FH]
simplesign - sign whole piece of xml as a blob
22:27:30 [esimon2]
Ed: I agree with the above. If the XML is not going to be transformed by intermediate processes, one can just sign the XML as one does text. And use a detached signature.
22:28:17 [bhill]
have seen this approach successfully in use with XML in DRM and payment systems as well
22:28:30 [esimon2]
What is needed is perhaps a packaging convention like ODF and OOXML use.
22:28:52 [MikeMc]
how is this different from PKCS7 detached? is it the embedding of the signature in the signed data?
22:30:19 [esimon2]
I would have to review PKCS7 detached but I would say the idea is quite similar.
22:30:59 [FH]
konrad: need XML Core to allow nesting of XML, e.g. no prolog etc
22:32:24 [FH]
jeff: using for protocols is different use case than docs, sign before sending to receiver
22:33:20 [tlr]
22:34:10 [tlr]
jimmy: how aboutnamespaces?
22:34:21 [tlr]
jeff: well, we don't care.
22:34:52 [tlr]
jimmy: has to be processed in context of original XML
22:35:09 [tlr]
mike: Why not PKCS#7 detached?
22:35:09 [bhill]
re: PKCS#7 - average Web-era developer doesn't like ASN.1
22:35:25 [bhill]
XML is successful and text wrangling is simple in any scripting language
22:35:37 [tlr]
cantor&hodges: this is for an as simple as possible use case
22:35:59 [tlr]
... point is, people tend to back off from XML Signature in certain use cases ...
22:36:05 [tlr]
... perhaps find a common way for the very simple cases ...
22:36:48 [tlr]
mike: well, there's a simple library, and then there's been 90% of the way to an XML Signature gone
22:37:05 [tlr]
sdw: want to emphasize that there are a number of different situations where you just simply want to encrypt a blob
22:37:07 [tlr]
... or sign it ...
22:37:18 [tlr]
... and be able to validate later without necessarily having complexity ...
22:37:26 [tlr]
... not only protocol-like situations (WS being a good example) ...
22:37:42 [tlr]
... but also in cases where you have sth that resembles more a traditional signed document ...
22:38:06 [tlr]
... store in a database, that way, archival ...
22:39:30 [tlr]
scott: what may be needed to solve my problem is basically a lot more ID attributes than schema (?)
22:39:37 [FH]
scott: more id atttributes in xml sig schema might be helpful
22:39:43 [tlr]
... s/than schema (?)/than in the current schema/
22:39:59 [tlr]
... there is room for improvement here for the ID attributes ...
22:40:08 [tlr]
... with more of these, a lot of referencing is likely to become possible ...
22:40:11 [tlr]
konrad: xml:id?
22:40:18 [tlr]
scott: might be a rationalization here
22:40:30 [tlr]
... if I want to say "htis key is the same as that key", ...
22:40:40 [tlr]
... looks like you need to reference keyInfo and then find the child with XPath ...
22:40:45 [tlr]
... which seems to be a heck of a lot of work ...
22:41:34 [tlr]
konrad: historic context -- at the time, wary of using mechanisms, hence "reference + transform" element
22:41:52 [bhill]
Dinner: anyone coming back by SJC airport?
22:43:20 [MikeMc]
Dinner @
22:43:52 [gpilz]
gpilz has joined #xmlsec
22:45:36 [tlr]
rragent, please make log public
22:45:38 [ht]
RRSAgent, make logs world-visible
22:48:23 [tlr]
(unminuted discussion about xpath vs id attributes)
22:49:19 [tlr]
scott: standard minimal version of xpath?
22:49:25 [tlr]
... preferably not implement the whole pile of work ...
22:49:38 [tlr]
... all of this is begging the question: ...
22:49:45 [tlr]
... ought to be standardized profiles for different problem domains ...
22:49:48 [esimon2]
Ed: ID is simple, but flawed for apps. XPath can be complicated but applications, including XML Signature, can profile its use for specific uses.
22:50:19 [bhill]
+1 for minimal XPath
22:50:41 [tlr]
... without standardized profiles for specific problem domains, a bit too much ...
22:50:55 [esimon2]
What time do we resume?
22:51:15 [sdw]
We called our implementation of "Simplified XPath" Spath.
22:51:43 [esimon2]
22:51:44 [tlr]
sdw, is that publicly visible anywhere?
22:55:48 [brich]
brich has joined #xmlsec
23:27:24 [sdw]
Not currently.
23:31:04 [esimon2]
23:33:49 [esimon2]
I am interested.
23:34:48 [FH]
topic: profiles summary
23:35:00 [FH]
basic robust profile
23:35:05 [klanz2]
klanz2 has joined #xmlsec
23:35:05 [FH]
bulk signing - blob signing
23:35:11 [FH]
use specific?
23:36:14 [FH]
metadata driven implementation
23:36:20 [FH]
brad - like policy
23:39:18 [bhill]
konrad: can this be done with / expressed as a schema?
23:40:29 [bhill]
FH: policy implies a general language vs. a hard/closed specification for a profile
23:41:05 [bhill]
tlr: difference between runtime and non-runtime profiles
23:41:07 [esimon2]
I believe the next version of XML Signature and XML Encryption should have an attribute designating the profile. I have also pondered whether this should not even be in XML Core.
23:41:59 [bhill]
tlr: implementation time avoids unwanted complexity - teach how to do this with use case examples
23:42:54 [bhill]
scott: implementers want to build a general library and constrain behavior, rather than many implementations
23:44:01 [bhill]
phb: profile reuse: catalog, wiki
23:45:07 [Pratik_]
Pratik_ has joined #xmlsec
23:45:54 [PratikDatta]
PratikDatta has joined #xmlsec
23:45:57 [Pratik_]
Pratik_ has left #xmlsec
23:46:24 [bhill]
michael leaventhal: robust is misleading, ease more important than flexibility, more performance and interop fundamentals over flexibility
23:47:53 [bhill]
jz (?): keep spec understandable and as short as possible
23:47:57 [FrederickH]
FrederickH has joined #xmlsec
23:51:02 [bhill]
brad: be able to limit total resource consumption even in languages like Java and .Net where platform services to limit low-level resource usage do not exist
23:51:20 [bhill]
konrad: some of these issues belong to Core, not just XML Security
23:51:54 [bhill]
fh: need to support scripting languages like Python
23:53:48 [bhill]
bhill: implementation guidelines to partition attack surface, order of operations
23:53:54 [bhill]
tlr: wrapping countermeasures
23:54:46 [bhill]
eric: possible to make it easier to verify than to sign?
23:56:20 [bhill]
konrad and jimmy: what is the scope/charter?
23:56:36 [bhill]
tlr: exploring interest, from profiling to deep refactoring
23:57:22 [hiroki]
hiroki has joined #xmlsec
23:58:28 [bhill]
fh: how to really do see what you sign?
23:59:37 [bhill]
topic: referencing model