This page links to comments/issues raised on the list during first (Feb 28 - March 28 / April 5); second (September 18 - October 20) Last Call; Candidate REC, and how it was resolved. A style sheet declaration is used to not render issues that are considered 'done'. This page is a follow-on to the Editors' Page which had most all oustanding issues resolved prior to going to last call. The source need not be the first isntance the issue was raised, it also might reference a cogent description or WG poll.
Resolutions are expressed as {email,minutes} » (resulting) draft
Source | Isssue | Resolution |
Karlinger/Reagle | Spec still includes some text/definitions referring to the IDREF attribute. There should be no mention of IDREF, all references are via the URI attribute, local references are specified via URI="#foo". | removed » /Drafts/WD-xmldsig-core-200003plc/ |
Reagle | Need better treatment of <any/> within the elements with open content models. | Schema Update » /Drafts/WD-xmldsig-core-200005plc/ |
Karlinger | Should we use ANY or #PCDATA to denote an open content model for an element type within a DTD. | Re: DTDs and ANY » /WD-xmldsig-core-20000510/#sec-CoreSyntax |
Karlinger | Error in 2.1 Simple example and add DSA element types | fixed errors and added DSA element types.» /WD-xmldsig-core-20000510/#sec-DSA |
Karlinger | Typos | /Drafts/WD-xmldsig-core-200003plc/: didn't grok parenthesis, but otherwise done. |
Carl Wallace | X509Dat a : 1) Why impose the choice over X509IssuerSerial, X509SKI and X509SubjectName in the definition of X509Data? | Victoria#KeyInfo » /WD-xmldsig-core-20000510/#sec-KeyInfo |
Karlinger |
Canonicalization of Fragments (and SignedInfo) : We
need further specification w/rspt to Canonical XML as applied to
the SignedInfo element.
Related:
Possible Resolution: |
This issue is addressed in /WD-xml-c14n-20000601 |
Karlinger | sec 6.3.1 (HMAC) Add sentence that in the absence of that parameter there is no truncation. | Eastlake » /WD-xmldsig-core-20000510/#sec-HMAC |
Karlinger | Sec. 7.1 contradicts XML 1.0 : Is whitespace preservered in elements? | Change to core section 7.1 » /Drafts/WD-xmldsig-core-200003plc/: |
Christian Geuer-Pollmann | Comments on 28022000 draft: Wrong URL | /Drafts/WD-xmldsig-core-200003plc/: corrected |
Christian Geuer-Pollmann |
Comments on 28022000 draft: Typos
|
/Drafts/WD-xmldsig-core-200003plc/: typos corrected |
Carl Wallace | KeyInfo questions/comments --(thread)-> Fox's response. | Victoria#KeyInfo » /WD-xmldsig-core-20000510/#sec-KeyInfo |
Peter M. Hesse |
RE: KeyInfo questions/comments : Making KeyValue required does
little good in a trusted environment (fine line between
mandatory to implement and support). Shouldn't let people think it
is sufficient since it might not be trusted.
Possible Resolutions: Do we clarify that KeyValue is a hint? Reiterate difference between signature and trust validation?
|
Victoria#KeyInfo » /WD-xmldsig-core-20000510/#sec-KeyInfo |
TAMURA Kent |
Comments on last call draft: Byte Order Marks, XPath
processing, and attribute ordering.
|
Boyer's 000406 Version ,
Victoria#C14N,
Victoria#Xpath »
/WD-xmldsig-core-20000510/#sec-XPath
Also, minimal is no longer required, but optional. |
Jonathan Marsh and James Clark |
XSL WG comments on XML Signatures
Possible Resolution: |
Boyer's 000406 Version . and
Victoria#XPath »
/WD-xmldsig-core-20000510/#sec-XPath
|
Eric Rescorla | RetrievalMethod : RetrievalMethod is supposed to specify a way to retrieve the sender's public key. However, it's unspecified what will be retrieved by dereferencing the URI in question. | Victoria#Retrieval » /WD-xmldsig-core-20000510/#sec-RetrievalMethod |
Paul Biron (Schema WG) |
XML Schema WG response to the DSig Last Call WD requests that the XML Sig WG rewrite all schema(s) used in defining dsig in terms of the schema specification current when schemas reaches CR. | updated to last call: /WD-xmldsig-core-20000510/ |
Additionally, there are several cases in which more judicious use could be made of Schema Datatypes. For instance, Section 4.2 "The SignatureValue Element" contains the actual signature octet sequence, base64 encoded--it is declared as a string, it should be a binary with the encoding facet equal to base64; | new binary type created, we may opt to constrain string mime types in the future » /WD-xmldsig-core-20000510/#sec-CoreSyntax | |
Section 4.5 "The Object Element" has a MimeType attribute, declared as a string that could be declared as a subtype of string, with a pattern facet that matched all legal mime type variations. | No one on the list has opted to specify this yet. | |
The Schema WG also suggests that the XML Sig WG consider using a mechanism similar to that proposed in [4] for assigning schema datatypes to element/attribute declarations in the dsig DTD. | List : "...while it would make the DTDs more expressive, I don't think it would further the typing capabilities of a 'out of the box' DTD processor; and as we are describing the syntax with schema in parallel, it would probably be of limited utility for us to add this as a work item." | |
Lastly, the dsig WD should make clear whether the schema and DTD included in Section 9 are normative or informative. | Victoria#normative » /WD-xml-c14n-20000601 | |
Susan Lesch | Re: minor typos in WD-xmldsig-core-20000228 | Re: minor typos in WD-xmldsig-core-20000228 » /Drafts/WD-xmldsig-core-200003plc/: |
Martin Duerst (I18N WG/IG) |
I18N WG/IG last call comments See Response Follow-Up for further discussion
of some of these issues.
URIs: For URIs and URI references, add a convention as in http://www.w3.org/TR/charmod/#URIs. (all W3C specs that use URIs in XML are doing this) |
Re: I18N WG/IG last call comments » /WD-xmldsig-core-20000510/#sec-Reference |
Negotiated content: Signed objects are indicated using URIs. It is unclear which object is to be signed in case the URI is content- negotiated (e.g. language-negotiated). Either there must be some mechanisms to provide negotiation parameters (difficult to do in general), or some warnings at least that negotiated resources should not be signed (which may be an undue restriction). In any case, this has to be discussed in the specification. ... | "Applications should be cognizant of the fact that HTTP state and protocol information, (such as a cookies, device profiles or content negotiation), may affect the content yielded by dereferencing a URI." /Drafts/WD-xmldsig-core-200005plc/: | |
MimeType and Charset on Transform: The Transform
element has optional MimeType and Charset parameters. This raises
several questions and problems:
|
Victoria#MimeType and Revised core section 4.3.3.1: MimeType and Charset removed » /Drafts/WD-xmldsig-core-200005plc/: | |
Character encoding and transcoding: [Transcoding
is the conversion from one character encoding (charset) to
another.]
|
Re: I18N WG/IG last call comments , /WD-xmldsig-core-20000601/ » (these issues can be better addressed in the C14N spec) /WD-xml-c14n-20000601 | |
Choice of Element names: There is a 'Transforms' element and a 'Transform' element. This is difficult to distinguing even for English speakers. For people used to languages without singular/plural distinctions, it will create even more confusion. We ask you to change 'Transforms' to something like 'TransformList'. | Victoria#Internationalization :"It is suggested that we change Transforms to TransformList, SignatureProperties to SignaturePropertyList, etc., for easier understanding. Participants appreciate concern but consensus at meeting is not to change due to existing examples and code. | |
Individual
Transforms
|
Victoria#QP : "Consensus to Drop Quoted Printable. It appears not to perform any function which could not be met with entities." » /WD-xmldsig-core-20000510/ | |
Individual Transforms
|
Boyer's 000406 Version , Victoria#C14N, Victoria#Xpath: We believe the current specification addresses these issues » /WD-xmldsig-core-20000510/#sec-XPath | |
... The above considerations have led us to the conclusions below. We hope that you can help us with your experience on security issues to check them. |
||
|
Boyer's 000406 Version ,
Victoria#C14N,
Victoria#Xpath: »
/WD-xmldsig-core-20000510/#sec-XPath (Reagle: I don't think any of our transforms require) |
|
|
Re: I18N WG/IG last call comments » /WD-xmldsig-core-20000601/ | |
|
Re: I18N WG/IG last call comments » /WD-xmldsig-core-20000601/ | |
|
Re: I18N WG/IG last call comments » /WD-xmldsig-core-20000601/ | |
Various comments and non I18N comments. | /Drafts/WD-xmldsig-core-200005plc/: | |
Hallam-Baker, EKR | XML as (string versus nodes) and partial decomposition. | Victoria#C14N : Making C14N REQUIRED, minimal optional. |
Bartel, Lipp | Using an algorithm identifier to represent a specific XPath transform for embedded signatures. | Victoria#Identifier : agree to do it if we can write the proper XPath » /WD-xmldsig-core-20000601/ |
Lipp | Why not remove the whole signature? (instead of just bits of the signature). | Victoria#Identifier : agree to remove the whole Signature element. |
Martin Duerst (I18N WG/IG)
added (000627) |
Followup on I18N Last Call comments and disposition
It is not clear what "signature application" means. If this means an application that produces signatures, we do not understand the sentence in the last paragraph of 7.0 which recommends that such applications produce normalized XML. *** It has to be cristal-clear that no actual normalization should occur in connection with any signing calculation. The current text is not clear enough. |
Proposed : We RECOMMEND that
signature applications create XML content
(Signature elements and their
descendents/content) in Normalized Form C [NFC] and check that any XML being consumed is
in that form as well (if not, signatures may consequently fail to
validate). |
A note should be added explaining the security problem mentioned in our Last Call comments. **** E.g. in Section 8, at a convenient location (e.g. 8.1), add something like: Using character normalization (Normalization Form C of UTR #15) as a transform or as part of a transform can remove differences that are treated as relevant by most if not all XML processors. Character normalization should therefore be done at the origin of a document, and only checked, but never be done during signature processing. | Re: Followup on I18N Last Call comments and disposition»/WD-xmldsig-core-20000711/: Includes new section on "See What You Sign". | |
We insist on not providing character normalization as a transform. We do not insist that character normalization checking is provided as a transform. | Ok. | |
Editorial: in 7.0, avoid "coded character set", use "character encoding". *** These are two different concepts! | Yes, it's a character encoding scheme. Re Followup... » /WD-xmldsig-core-20000711/: | |
It should be mandated that, when a document is transcoded from a non-Unicode encoding to Unicode as part of C14N, normalization must be performed (At the bottom of section 2 and also in A.4 in the June 1st 2000 draft). **** Unicode-based encodings are e.g. UTF-8 and UTF-16. In most cases, the transcoding result is normalized just by design of Normalization Form C, but there are some exceptions. **** The above also applies to other transcodings, e.g. done as part of the evaluation of an XPath transform or the minimal canonicalization. | C14N:
Also proposed to be added to 6.5 of Signature: When a document is transcoded from a non-Unicode encoding to Unicode as part of C14N, normalization SHOULD be performed |
|
In 4.3.3, the text on URI-Reference and "non-ASCII" characters should be alligned with that in XPointer http://www.w3.org/TR/xptr#uri-escaping to make sure all the details are correct. |
accepted (
with suggested tweaks)
Proposed: 4.3.3 The ... The set of characters for URIs is the same as for XML, namely [Unicode]. However, some Unicode characters are disallowed from URI references: all non-ASCII characters and the excluded characters listed in Section 2.4 of [IETF RFC 2396], excluding the number sign (#) and the percent sign (%); and excluding the square bracket characters re-allowed in [IETF RFC 2732]. Disallowed characters must be escaped as described in section 4.1.1 URI Reference Encoding and Escaping of [XPtr]:
|
|
After 'Applications should be cognizant... protocol parameters and state information...', mention that if there is more than one URI to access some resource, the most specific should be used (i.e. e.g. .../interop-pressrelease.html.en instead of .../interop-pressrelease). |
Re Followup...» Proposed
:
4.3.3 The
|
|
In 4.3.3.1, in "IANA registered character set", the term 'character set' should be put in quotes. This is the term that IANA uses, but it's technically incorrect. |
Re Followup...» Proposed
"IANA registered 'character set'" |
|
In the same paragraph, change 'no .... needs such information' to 'no .... needs such explicit information'. |
Re Followup...» Proposed
» accepted [
a,
b]
4.3.3.1 The
|
|
4.5 The Encoding attribute of <Object> is not described. Is that something like 'charset', or something like base64, or what. This needs to be clearly described or removed. |
Re Followup...» Proposed
» accepted [
a,
b]
4.5 The
|
|
6.5 "Canonicalization algorithms take one implicit parameter:" Wrong, the charset is also an implicit parameter, and is very important. The spec must say that this parameter is derived according to the rules for the relevant protocols and formats, and that in particular for XML, the rules defined in RFC 2376 or its successor apply. The spec should also say that in order to be able to correctly sign and verify web documents, it is important that this information is delivered correctly, and that this may require settings on the server side. The spec should also say that for some 'charset's, there may be differences for some characters in which Unicode character a given character is converted, and and should point to the XML Japanese Profile (http://www.w3.org/TR/japanese-xml/) submission for an example and some advice. In particular, documents intended for digital signing should preferably be created using UTF-8 or UTF-16 from the start. The following sentence should also be added to 6.5: Various canonicalization algorithms require conversion to UTF-8. Where any such algorithm is REQUIRED or RECOMMENDED, this means that that algorithm has to understand at least UTF-8 and UTF-16 as input encodings. Knowledge of other encodings is OPTIONAL. [The disposition of comments says "(these issues can be better addressed in the C14N spec)", but because this also affects minimal canonicalization, XPath transform,..., this is not true.] |
Re Followup...» Proposed
» accepted [
a,
b,
c]
Canonicalization algorithms takes two implicit parameter when
they appear as a |
|
6.6.3.2 "The XPath implementation is expected to convert": 'is expected to' is too vague. Please chage this to 'must behave as if it converted....'. | » moved to Canonicalization spec | |
6.6.3.4 'the string converted to UTF-8': Change to 'the string encoded in UTF-8'. (you can convert from one encoding to another, but XPath deals with character independent of an encoding, so convert sounds a bit strange) [two times in the same paragraph]. A similar wording problem exists for 'by serializing the node-set with a UTF-8 encoding'. There is only one UTF-8! | » moved to Canonicalization spec | |
7.1, second list, point 2: 'except... and other character entities not representable...': This may be wrongly understood to mean that e.g. é in a HTML document shouldn't be expanded if the encoding is US-ASCII. This is of course wrong, é should in this case be changed to the appropriate numeric character reference (and the spec may have to say whether these should be decimal or hex,...). |
Proposed »
"All entity references (except "amp", "lt", "gt", "apos", |
Source | Isssue | Resolution |
LaMacchia | Concern over continued ambiguity of the X509 element. Discussed at FTF, and new stab taken at less amigous formulation and substantive tweaks. | Proposed by Eastlake/Gindin and included in WD-xmldsig-core-20000918/ (2nd last call) with no opposition |
Karlinger | Removing SignatureProperties as they are superflous. | No concensus to accept change at FTF given stability of syntax » WD-xmldsig-core-20000918/ (2nd last call) |
Simon | Is there a way to using schema to limit an <ANY> content specification to a specific element w ithin a namespace? | Unclear, so we implement this via a specification proose and a comment in the schema definition of transform "should be an xsl:stylesheet element" » WD-xmldsig-core-20000918/ (2nd last call) |
Davis | Question regarding "how to calculate legally enforceable signatures on behalf of human signers." | Proposal for new paragraph in Introduction (introductory paragraph added stressing constrained scope of XML Signature)» WD-xmldsig-core-20000918/ (2nd last call) |
Hugues | RetrievalMethod 's encoding and type
attributes optional? |
Ambiguity discussed and Eastlake proposes clarifying text. Reagle opposes mandatory type, which is accepted in 20000907 call and represented in » WD-xmldsig-core-20000918/ (2nd last call) |
Roberts | Reagle responded with rational for DTD design without subsequent opposition or counter-proposal.. | no change » WD-xmldsig-core-20000918/ (2nd last call) |
Boyer | Proposed changes to processing model to work with latest Canonical XML so it operates over octets or XPath node-sets. | We've changed the Reference Processing Model (section 4.3.3.1). to permit the presentation and acceptance of XML node-sets between Transforms (and resulting from some URI References) when appropriate.» WD-xmldsig-core-20000918/ (2nd last call) |
Karlinger | In 6.4.2, regarding RSA signatures, ambiguity regarding the treatment of OIDs. |
Consensus on RSA signature structure : The pre-pended
algorithm object identifier within the encoded RSA
SignatureValue is required.» WD-xmldsig-core-20000918/
(2nd last call) |
Steve Wang | I just wonder if it should be hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14, i.e., the byte 1F should be 09. | Fixed. |
Source | Isssue | Resolution |
Kent | Comments on XML-Signature S&P draft. (Many
typo/clarifying suggestions: substantive question of:
4.4.4 The X509Data Element The specification does not describe how to include certificate chain though certificate chain is used in the example. In the example, how does a signature application know which certificate has a key to verify the signature? ) |
Reagle: addressed clarifications .
Gindin: The effective rule is that any certificate whose subject name matches the issuer name of any of the other certificates included is a CA from one of the included chains, and thus signature verification should only run on the remaining certificates. Gindin: However, RFC 2459 section 3.2 contains the following: "In general, a chain of multiple certificates >may be needed, comprising a certificate of the public key owner (the end >entity) signed by one CA, and zero or more additional certificates of CAs >signed by other CAs." ... |
Kawatsura | What should the version number be for the base64-encoded CRL? | Wallace responds shouldn't have any. |
Stern |
|
Source | Isssue | Resolution |
Ashwood | Signing an XML instance does not capture the meaning (DTD/schema/comments/spec) of that documents namespace, this is dangerous as that context might change. | Reagle: The WG has decided that signing context is best served by explicitly including a Signature Reference to it. |
Eastlake | How should we enable Keytypes (e.g., SPKIData, X509Data, PGPData) to be extend? | Eastlake : proceed with option 2: extensions to the types may complement existing structures, but replacements should be a child of KeyInfo. |
Wallace/ Tamura |
Should we restrict the use of X509IssuerSerial, X509SKI, and X509SubjectName to identify the message signer's certificate only? | Eastlake : These elements must refer to certficiates with the validation key. |
Tamura | What is returned by RetrievalMethod? | Reagle: octets that are XML documents or elements. |
? | Should there be a KeyValue type? | Eastlake : no substantial interest in changing this, we will leave the document as is, without a KeyValue level type but with the defined KeyValue children types. |
Tamura | Specification permits multiple KeyValues, what does this mean: must they apply to the validating key? | Reagle : no consensus to change from a KeyValue is a "key that may be useful in validating the signature?" |
Reagle | Should we specify KeyInfo as a sequence of optionals, instead of (0,*) choices of mandatories? | No support for this proposal . |
Ken Goldman | Is the X509SerialNumber an XSD integer type or binary/hex/base64? (If integer, why was it chosen given its verbose and computationally burdensome to translate into.) | Eastlake : "as far as I know, X.509v3 defines CertificateSerialNumber as INTEGER." Would depend on implementors: Tamura: "I don't want to change our implementation and this change might cause performance penalty on Java because Java treats serial numbers as BigInteger instance.": "as far as I know, X.509v3 defines CertificateSerialNumber as INTEGER." and k: "I don't want to change our implementation and this change might cause performance penalty on Java because Java treats serial numbers as BigInteger instance." |
Karlinger/Reagle | XSLT child of Transform is of type string, should be changed or removed? | Removed, since the instances were invalid against the string type regardless. |
Glenn Adams | "... we request that the XML DSIG group add URNs for these algorithms, e.g., http://www.w3.org/2000/09/xmldsig#md5 http://www.w3.org/2000/09/xmldsig#rsa-md5" | Because of timing/scope, request was declined but added to informational document . |
Eastlake/Reagle | Should Minimal Canonicalization be removed? | No implementations reported, Minimal Canonicalization removed ( added to an informational document). |
Source | Isssue | Resolution |
Eastlake | MgmtData and the children of X509, PGPData, and SPKIData should be shown to to be implemented and interoperate. | Eastlake : only there for extensibility, no specified behaviour so we retain as is. MgmtData is deprecated. |
van der Koogh | Questions/Proposals for more warnings about trustworthiness and changes to KeyInfo structures." | Eastlake : The XMLDSIG standard is not about trust. Reagle: add clarifying sentence. |
van der Koogh | In 6.4.1 DSA you specify that p, g, q, y are to be mandatory in the DSAKey. And that J, seed, and pgenCounter are optional? First it's possible to have systemwide p, g, and q and have only y be the public key. So you don't have to repeat p, g and q in all communications and force people to use certain values... Now there's no reference to what J, seed and pgenCounter are exactly. I don't know what they are but because of "seed" I think this might have something to do with the seed of a PRNG? If this is the case then these optional elements tell way more than just the DSAKey and should therefor not be used. | Eastlake/LaMacchia: drafted clarifying text |
van der Koogh | Why don't you have something like: <SignatureValue> <DSA><R>alsdkfjalsdjfasf</R><S>asldkjfalskdfjd</S></DSA> </SignatureValue> |
Eastlake : There doesn't seem to be much advantage in labeling
the parts as you suggest above. |
Hughes | "Forcing the CRL to be placed in a separate X.509 data element from the corresponding certificate material simply makes the process of identifying association harder." | Eastlake : Consensus to tweak the schema. |
Eastlake | Is whitespace significant in DNames? | Reagle : white space is significant |
Hughes | How to encode a strings in a DName in XML-Signature relevant structures (IssuerName, SubjectName) | Reagle: included Karlinger's text. |
Hughes | XPath states that an element's namespace axis includes all non-overridden namespace declarations from all ancestors. C14N then states that we must write these out during canonicalization, whether or not they are used. This means, as we know, that signatures cannot be successfully moved into documents which have other namespaces in force. | Reagle/Eastlake: an exclusive canonicalization will be developed orthogonally. |
Dournaee / Hughes | Are Object's Encoding and MimeType attributes redundant? If not, what do they mean when together? | Reagle : Clarifying they may be used together but Transforms should be used. |
Hughes & Oleary | "A value of "collapse" means that a validating parser normalizes whitespaces in the string content of the DigestValue element. This behaviour could break the signature, if the signer produces a digest value containing sequences of whitespaces, and the verifier schema validates the signature." | Reagle: please see resolution of next issue and that schema validation should be considered a transform. |
Brian LaMacchia | "do we really want/need line breaks every 76 characters?" | Reagle: the Schema WG responds that there is no line length and may contain base64 characters plus any XML whitespace. |
(These questions were raised during the extended Proposed REC while we waited for IESG approval. The threshold for inclusion are proposals "that don't upset *any* person, previous concensus, instances, or implementations: just small tweaks that make the spec better in everyone's eyes."
Source | Isssue | Resolution |
LaMacchia | Suggests we remove the restriction on elliding "at most one" URI attribute from a Reference. | Reagle: Lack of consensus [ 1] for change. |
Salz | "SignatureProperty and Object element definitions should be modified to allow the xml:space attribute." | Reagle: Lack of consensus [ 1, 2, 3] for the change. |
Gregor Karlinger | Question of DNAME encoding and compliance with RFC2253. | Reagle: Publication in progrss so editorial tweak in the editors' draft, didn't make it into ietf-draft should be able to squeeze it in before RFC. semi-substantive changes need more advocacy and will be done only if we can accomodate it during final publicaiton. |
Last revised by Reagle $Date: 2002/02/15 21:25:13 $
=======