IETF 48 XMLDSIG Minutes [1]ascii]
[1] http://www.w3.org/Signature/Minutes/000803-Pittsburgh/Overview.html,text
These minutes cover the XMLDSIG Working Group meeting held on
August 3, 2000, at 15:30 hours in Pittsburgh, PA, USA at the
48th IETF. They include comments from the briefing presenters.
Author: Walter Houser <[2]houser@cpcug.org>
Tweaks: Joseph Reagle <[3]reagle@w3.org> & Donald Eastlake 3rd
<[4]Donald.Eastlake@motorola.com>
[2] mailto:houser@cpcug.org
[3] mailto:reagle@w3.org
[4] mailto:Donald.Eastlake@motorola.com
Working Group home page: http://www.w3.org/Signature/
[5]Agenda [slides] Donald Eastlake (DE)
[5] http://www.w3.org/Signature/Minutes/000803-Pittsburgh/agenda.html
* 15:30 Agenda Bashing
* 15:35 Document Status
* 15:40 Technical comments and discussions re
Canonicalization - namespaces -XSL
* 16:20 Interoperability Results
* 16:40 Technical comments and discussions re Syntax and
Processing - Internationalization
* 17:10 Other, Announcements - XML Encryption (B. Fox)
* 17:25 Future Meetings/Calls (if any)
Agenda Bashing - Donald Eastlake said that a later time in the
week was requested for the working group meeting so some
interoperability testing could be done earlier in the week.
John Boyer stated he would cover enveloped signatures during
his presentation on canonicalization.
[6]Documents' Status [slides] Joseph Reagle (JR)
[6] http://www.w3.org/Talks/2000/0804-ietf-xmldsig/slide2-0.html
Joseph Reagle (JR) - We have two documents in process and one
completely through the process. IESG and W3C have resolved
their copyright language questions and the Requirements
document, whose text was final long ago, is now out as RFC
2807. On the main Syntax and Processing document, IESG had
changes on format and copyright. W3C asked for
internationalization and canonicalization. We see these two as
doable in the short term.
Canonicalization - John Boyer (JB) @[link]
The process of canonicalization requires that XML be
consistent. For example, we chose to use double quote marks
instead of single quote marks.
The most serious issue that remains is how to handle the
xml:base tag. The xml:base tag defines a base uri.
Canonicalization requires the replacement of a URI with the
content of the base document. Most XML parsers do not
distinguish the resulting document content by it source -
internal or external. There are also subtle changes that can
occur with the incorporation of URI content in the document. It
is likely that this will cause problems as signatures do not
typically require further processing. I see two options: Do
nothing or embed the xml:base attribute.
JR - Do you have a preferred solution?
JB - Each has its problems. Perhaps we should wait.
JR - My bias is to do nothing so we can move the document
forward. What is the preference of the WG. If you don't know
the issue or don't care, do not raise your hand. Twelve
supported the Do Nothing option. None supported the embedding
of attributes. JR noted for the record that the WG was not
happy with either.
Donald Eastlake (DE) - Currently canonicalization makes start
tags longer. What about adding a new line before the close
angle bracket at the end of start tags to make the lines
shorter and the canonicalized output more human readable.
JB - this may mess up indenting. It does not change meaning.
JR - We have been through last call; won't the implementers
have a concern with a change?
Brian LaMacchia (BL) of Microsoft - I am against this change to
the draft. Canonicalized output is not viewer friendly. We have
had implementation problems with white space preservation under
other circumstances.
DE - My interest in this is not that strong.
JR - Let's leave this unchanged. Are there any other concerns?
JB - The enveloped transform is messed up. The inside transform
is an xpath. The processing model calls for octets to be
returning a node in the wrong node set. It isn't necessary to
express __ . When the document comes with a signature element,
the hash is created and then placed in the signature element,
breaking the enveloped signature. A fragmentary URI [one ending
with a # fragment specifier] would have a different transform
model. We could push the problem off as a reference URI rather
than do a down path transform. But when the URI is a fragment,
how do we get from a location set to an octet stream?
JR - Where is the location set defined?
JB - [7]XPointer. It's definition is similar to a node set but
also includes points and/or ranges. When a range node includes
portions of other nodes, we should throw an error as we are
only interested in full nodes. Or we could change xml:path to
xml:pointer.
[7] http://www.w3.org/TR/xptr#dt-locset
JR - I can check on that [the reference is ambiguous]
JB - Those implementers that have already done the xml:path
transform may see the xml:pointer transform as extra work.
JR - In the spec we discourage the use of fragment identifiers
within the Reference URI and limit it to "" or "#fragment"
(XPtr bare name). Are we arguing otherwise now?
JB we are indicating people should specify Reference
URI="#xpointer(...)". The bare name XPointer indicates the
signature property but not ___________ .
JR - So you believe we are being ambiguous and should specify
this. What do the implementers say?
BL - After our powwow, we are concerned that we are pointing at
a node stream when we don't know how we can canonicalize it. We
rather that it be that whenever you reference something, you
are ALWAYS returned a octet stream.
JB - Perfect. If we write the enveloped signature
Xpointer/Xpath expression and call the canonicalization method.
We should assume that the URI process always returns back a
byte stream. So the following would be required:
BL - Should we continue special processing when the referenced
document may or may not have be previously canonicalized?
JR - That's a question for the XPointer people.
JB - We should put the canonical transform into the signature
transform. But how do we know if the URI is capable of
canonicalization?
BL - We need a _____ step.
Phil Hallam-Baker (PHB) - What if the XML is not well formed?
JB - Good point. We should assume that a reference URI returns
an octet stream. But we do not assume that the stream is not
itself canonicalized. To have interoperable signatures, a
canonical transform should be added. For example, see section
2.2 Extended Example Object Signature Properties. It will now
have to look like:
k3453rvEPO0vKtMup4NbeVu8nk=
The fragmentary URI is typically a location set. It may be well
formed. It may not. Different XPath engines may yield different
results.
JR - We should include this in the definition of Enveloped
Signature. Are we going to assume every step is an octet
stream?
JB - If we have two successive transforms, we can treat it as
if it were one. The enveloped signature will rewrite a
reference URI and we will add a transform for canonicalization.
Interoperability
DE - The next topic is interoperability testing.
BL - We held interoperability tests this past week.
Petteri Stenius (PS) - The test results have been good, despite
some minor ambiguities. Our implementation does interoperate
[with IBM's] on all current features except Xpath transforms
and its new features. Those features are coming up. We have
enveloped signatures per the current specification, which is
the most important.
BL - We have tested with three implementations using three
different XML parsers and two and a half different crypto
systems. I have enveloping signatures working. We are using
both RSA and DSA key values. White space is inside the tags is
currentlybeing removed by my XML parser, breaking most
signatures, but this will be fixed shortly.
JR - Thank you. We appreciate this work.
?Baache - Was the parser with the white space bug shipped?
JR - They fixed it first. We need the working group's ideas
about auto responders? Next is Ed Simon (ES) from Entrust to
talk about earlier interoperability test findings.
ES - Here are the results from the May-June interoperability
tests for REMTEC [now Done Information, Inc.] and IBM. This
testing is important as the IETF requires two interoperable
implementations before an RFC becomes a ["Draft" or higher
level] standard. Note the sample code to build a simple auto
responder. I also want you to see the Multimedia's report of
their interoperability tests for their SMIL player. The first
is a table of test results for XML schema by vendor. The second
table shows results for test cases by vendor. It appears that
vendors can enter their own test results. We should consider a
similar set of tables.
JR - No comments? Thanks Ed. We have nearly closed our last
call save for a few small issues I would like to cover today.
First, Ed Simon asked that we require style sheet root nodes.
Within a namespace, one could pick any element. But we want
people to pick the root elements only. We should change the
text to read _______
[8]Syntax Issues from the list [slides] Joseph Reagle (JR)
[8] http://www.w3.org/Talks/2000/0804-ietf-xmldsig/slide4-0.html
ES - Hard wiring the schema will enable validation.
JB - Previously we decided to use named parameters in our
namespace. We should keep XSLT wrapped by a dsig parameter tag.
JR - My recollection was that this was a placeholder.
JB - I am happy with your proposed prose. But I want the XSLT
wrapper around the style sheet reference.
Decison: Retain XSLT element type in DSig name space.
JR - Comments? Hearing none, the next question is whether the
X.509 keyinfo element types should be removed? Brian Lamacchia
(BL) has noted we are not doing this very well. It is not in
our charter and should be worked out by other working groups. I
see two options: clean up these specifications or drop them.
BL - If you want multiple certificates, you can use the X509
data clause. We propose the use of multiple certificate
clauses, like the PK bag of certificates.
Russ Housely (RH) - Are we allowing attributes in the bag?
BL - That would require different decoding code. Would the PKIX
WG want to add yet another type? This sort of creeping
complexity is part of the reason why I raised this issue in the
first place. For any decision we make here, there will be
questions as we aren't PKIX.
PHB - Let's focus on what's out there. There is a lot of PKIX
and X509 deployed, but attribute certificates and TSP tokens
are not common.
RH - CMS [Cryptographic Message Syntax, RFC 2630] allows both
certificate types with separate tags.
BL - This is an issue for the list.
Steve Farrell - Just use Public Key certificates.
DE - I will draft the language for the list to comment and
decide.
Decison: Donald Eastlake will propose text that is sufficiently
general so as not to be ambiguous, otherwise we still have the
option of removing this section.
JR - We should be more specific about our definition of XML
signature type for the purpose of conformance requirements. For
example, Gregor said the term signature properties should be
singular as the plural form was confusing to non-native English
speakers.
JB - If we change that, we should review the entire document
for similar instances.
JR - The term has no real significance.
DE - The signature properties does not have to be inside an
Object. If we make this change, then could
be used outside of an Object. As you know, that's something I
wanted to do anyway.
JR - Given the manturity/status of the document, we should keep
it in unless there's consensus to chage. Are there any other
comments?
Decison: Retain SignatureProperties element type in DSig name space.
JR - OK. The next comment was that the DTD example was not
realistic. The example, was a generic illustration and would
need modification before application.
JR - The final comment was one I had. I am concerned that a
style sheet could be changed to hide content while not
invalidating the signature.
JB - Should we change the language from SHOULD to MUST with
respect to style sheets? Signing the XML and the style sheet
should be enough. We do not need to sign the rendering.
ES - The scenario is valid. We should mention the possibility
of it happening. But other equally plausible scenarios suggest
that a requirement would not be appropriate.
Dave Solo - I echo Ed Simon. MUST would mandate behavior that
is unimplementable.
JR - Fine, let's take a straw vote. If you don't know the issue
or don't care, do not raise your hand. How many in the WG say
we should put this in lower case? [Eleven raised their hands].
[None indicated the specification should stay the same]. [One
asked for a stronger position].
Decision: convert directive in Section 8 to lower case as they don't
relate to the conformance of the syntax or signature application.
DE - Other topics?
BL We are planning an informal discussion of XML encryption at
Crypto 2000, Thursday, August 124 at 1:30 in the Anacapa Formal
Lounge. The conference is at UC Santa Barbara. Barbara Fox is
coordinating the event. For more on Crypto 2000 see
http://www-cse.ucsd.edu/users/mihir/crypto2k.html
DE - Given the nearness to completion, I suggest we hold two or
three weekly teleconferences to nail down the final details.
We've held them on Thursdays at 1:30 pm Eastern time which
seems to be the best time for overall convenience. The issues
will be X509 and canonicalization.
JR - Signature is waiting for Canonicalization. If we can
finish canonicalization within a 2-3 weeks, I'd estimate 2-4
weeks of process before it reaches Candidate Recommendation in
the W3C. We can have the Signature specication cued up right
behind that. Canonicalization is to be issued as an
Informational RFC in the IETF.