Digital signatures have a big problem with meaning
Rich Salz
rsalz at datapower.com
Fri Jun 10 12:51:19 EDT 2005
> I don't want to have to re-implement Apache in order to do
> an SSL implementation. ...
Those analogies aren't apt. XML is a data format, so it's more like
    I don't want to have to implement ASN1/DER to do S/MIME
Which is a nonsensical complaint.
> Makes sense to me. The other problem with XML sigs (also pointed out in the
> writeup) is the fact that it gives you 10 ways to do everything, of which only
> 1 is actually correct/secure/usable, but is indistinguishable from the other
> 9.
I don't see it. Yes, XML DSIG makes it possible to sign parts of an XML
document. And there are broken applications. Er, so what? Is the lack
of certificate validation in Outlook proof that S/MIME is broken?
> reluctant to implement something that lets users blow their feet off in a
> dozen different ways without even knowing it.
So have your API take an XML document and output a signature that signs
the exclusive canonicalization of that document, and includes the
signer's certificate in the keydata. Problem solved. And that's a fair
comparison, since S/MIME is just a profile of PKCS#7 applied to email,
right? So use WS-Security which is a profile of XML DSIG applied to
SOAP messages, for example.
In other postings, you've pointed out that "nobody" re-generates the
DER, but instead keeps it around to verify the signature. In the XML
world we do it all the time; recreating and re-canonicalizing works. I
guess that proves S/MIME and PGP are fundamentally broken. :)
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
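
The sign-the-canonical-form approach and the "recreating and re-canonicalizing works" point from the message above, as an added example that is not part of the original post. It assumes Python's standard-library C14N 2.0 in place of Exclusive C14N, and an HMAC with a constructed key in place of the signer's certificate-based signature; all names and sample documents are made up for illustration.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

# Assumption: an HMAC key stands in for the signer's private key, because the
# standard library has no public-key signing. The canonicalization step is the point.
KEY = b"constructed-demo-key"

def c14n(xml_text: str) -> bytes:
    """Return the canonical byte form of an XML document (C14N 2.0)."""
    return canonicalize(xml_text).encode("utf-8")

def sign(xml_text: str, canonical: bool = True) -> str:
    """Sign the canonical form, or the raw serialization when canonical=False."""
    data = c14n(xml_text) if canonical else xml_text.encode("utf-8")
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def verify(xml_text: str, sig: str, canonical: bool = True) -> bool:
    """Recompute the signature over the received document and compare."""
    return hmac.compare_digest(sign(xml_text, canonical), sig)

# Constructed sample documents.
ORIGINAL = ('<?xml version="1.0"?><order id="42" currency="USD">'
            '<item sku="A1" qty="2"/><note>ship fast</note></order>')
# Same infoset after a parse and re-serialize elsewhere: no XML declaration,
# different attribute order, quote style and empty-element form.
REGENERATED = ("<order currency='USD'   id='42'>"
               "<item qty='2' sku='A1'></item><note>ship fast</note></order>")
# Content actually changed: qty 2 -> 20.
TAMPERED = REGENERATED.replace("qty='2'", "qty='20'")

if __name__ == "__main__":
    sig_canonical = sign(ORIGINAL)
    sig_raw = sign(ORIGINAL, canonical=False)
    print("canonical form:", c14n(ORIGINAL).decode())
    print("regenerated, canonical signature:", verify(REGENERATED, sig_canonical))
    print("regenerated, raw-bytes signature:", verify(REGENERATED, sig_raw, canonical=False))
    print("tampered, canonical signature:", verify(TAMPERED, sig_canonical))
```
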