Digital signatures have a big problem with meaning

[Rich Salz]

>          I don't want to have to re-implement Apache in order to do
>          an SSL implementation. ...

Those analogies aren't apt.  XML is a data format, so it's more like
	I don't want to have to implement ASN1/DER to do S/MIME
Which is a nonsensical complaint.

> Makes sense to me.  The other problem with XML sigs (also pointed out in the
> writeup) is the fact that it gives you 10 ways to do everything, of which only
> 1 is actually correct/secure/usable, but is indistinguishable from the other
> 9.

I don't see it.  Yes, XML DSIG makes it possible to sign parts of an XML 
document.  And there are broken applications.  Er, so what?  Is the lack 
of certificate validation in outlook proof that S/MIME is broken?

> reluctant to implement something that lets users blow their feet off in a
> dozen different ways without even knowing it.

So have your API take an XML document and output a signature that signs 
the exclusive canonicalization of that document, and includes the 
signer's certificate in the keydata.  Problem solved.  And that's a fair 
comparison, since S/MIME is just a profile of PKCS#7 applied to email, 
right?  So use WS-Security which is a profile of XML DSIG applied to 
SOAP messages, for example.

In other postings, you've pointed out that "nobody" re-generates the 
DER, but instead keeps it around to verify the signature.  In the XML 
world we do it all the time; recreating and re-canonicalizing works.  I 
guess that proves S/MIME and PGP are fundamentally broken. :)

	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com