XMLDSIG Interoperability Report

 MEMO                                                 Donald Eastlake 3rd
 Motorola
 July 2001
 
                            XMLDSIG Interoperability Report
                            ------- ---------------- ------
Table of Contents

Table of Contents..........................................1
1. Introduction............................................2
2. Organizations Interoperating............................2
3. Interoperability Results................................3
3.1 Canonicalization.......................................3
3.2 Digest/Signature/MAC Algorithms........................3
3.3 Features Related to Location of Signed Data............4
3.4 Keying Information.....................................4
3.5 Transforms.............................................4
3.6 Manifest Element.......................................4
3.7 Miscellaneous..........................................5
Summary....................................................6
Author's Address...........................................6
               
 D. Eastlake 3rd                                                 [Page 1]
                             
 MEMO                XMLDSIG Interoperability Report            July 2001
               
1. Introduction

XML Digital Signature (XMLDSIG) is a Proposed Standard as specified
in [RFC 3075] produced by the joint IETF/W3C XMLDSIG working group.
In addition, Canonical XML, which is normatively referenced by
XMLDSIG, has been standardized by the W3C and is documented in
Informational [RFC 3076].

It is the consensus of the working group that the XMLDSIG standard
should be advanced to the IETF Draft Standard level.  This memo
supports that advancement by documenting interoperability of the
XMLDSIG features and options except for Minimal Canonicalization,
which is to be dropped.  The internet-draft to be advanced is
draft-ietf-xmldsig-core2-00.txt (soon to be -01).  It also has numerous
clarifications and improvements in documentation over the current
RFC.
 
2. Organizations Interoperating

The following organizations, in alphabetic order, have independently
produced interoperable implementations of XMLDSIG:

Baltimore:
    Baltimore Technologies <http://www.baltimore.com>
    see <http://www.baltimore.com/keytools/xml/index.html>
Done:
    Done Information, Inc. <http://www.doneinformation.com>
    Phone: +358 9-5259 240
    see <http://www.doneinformation.com/web/map/donesignature.html>
DSTC:
    Distributed Systems Technology Centre <http://www.dstc.edu.au>
    see <http://security.dstc.com/products/xmldsig>
Fujitsu:
    Fujitsu <http://www.fujitsu.com>
IAIK:
    Institute for Applied Information Processing and Communications
    <http://www.iaik.at> at Technical University of Graz, Austria.
    Phone: (+43) (316) 873-5540
    see <http://jcewww.iaik.at/products/ixsil/index.htm>
IBM:
    IBM <http://www.ibm.com>
    see <http://www.alphaworks.ibm.com/tech/xmlsecuritysuite>
Microsoft:
    Microsoft <http://www.microsoft.com>
NEC:
    NEC <http://www.nec.com>
RSA:
    RSA Security Inc. <http://www.rsa.com>
 
3. Interoperability Results

This section is primarily a restatement in text form of the
interoperability matrix at
<http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html>.
Note that this represents just a snapshot of the status of these
implementations and they may have advanced significantly.
 
3.1 Canonicalization

Interoperability for the W3C standard Canonical XML (required) and
Canonical XML with Comments (recommended) was shown for all
implementations by producing identical results from various inputs.
(See also the earlier canonicalization testing results at
<http://www.w3.org/Signature/2000/10/10-c14n-interop.html>, using the
examples from the Canonical XML specification, showing
interoperability between at least Baltimore and IBM for all features
and options.)

Support for Minimal Canonicalization (recommended in the Proposed
Standard) has been shown by NONE of the organizations and will be
DROPPED.
 
3.2 Digest/Signature/MAC Algorithms

Interoperable support for the generation and validation of digests and
signature/MAC values using SHA1 (required), DSAwithSHA1 (DSS,
required), RSAwithSHA1 (recommended), and HMAC-SHA1 (required) was
shown by all implementations based on a variety of test cases.
 
3.3 Features Related to Location of Signed Data

Interoperability tests included detached, enveloping, and enveloped
signatures.  This includes same document references (URI="") with the
enveloped signature transform and same document references with a
fragment (URI="#object1").  Also tested were same document and
fragment XPointer ( #xpointer(/) and #xpointer(id("ID")) ).  These
are required features except for XPointer, which is recommended, and
all implementations supported them except that the Fujitsu and RSA
implementations did not support XPointer.
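The following is an added example (not part of the report, nor any of the listed vendors' code) that exercises two of the features above in Python: canonicalization making the SHA1 digest independent of how the input was serialized (3.1), and an enveloped signature with a same document reference (URI="") plus the enveloped signature transform, signed with HMAC-SHA1 (3.2, 3.3). It uses only the standard library; the sample documents and HMAC key are constructed, and Python's canonicalize() implements Canonical XML 2.0 rather than the RFC 3076 algorithm the report tested, so only normalisations common to both are relied on.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
# Constructed inputs: one document serialized two ways (attribute order, quoting, empty tag, comment)
DOC_A = '<Order id="7"><Item sku="A1" qty="2"></Item></Order>'
DOC_B = "<Order id='7'><Item qty='2' sku='A1'/><!--note--></Order>"
HMAC_KEY = b"constructed-shared-secret"  # placeholder key, not from the report

def c14n(xml_text, with_comments=False):
    # Python's canonicalize() implements Canonical XML 2.0, not the RFC 3076 form the
    # report tested; the normalisations exercised by DOC_A/DOC_B behave the same in both.
    return ET.canonicalize(xml_text, with_comments=with_comments).encode("utf-8")

def b64(raw):
    return base64.b64encode(raw).decode("ascii")

def enveloped_transform(xml_text):
    # Enveloped Signature Transform: drop every ds:Signature subtree so that a
    # same-document reference (URI="") does not cover the signature itself.
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        for sig in parent.findall(f"{{{DS}}}Signature"):
            parent.remove(sig)
    return ET.tostring(root, encoding="unicode")

def sign_enveloped(xml_text):
    digest = b64(hashlib.sha1(c14n(enveloped_transform(xml_text))).digest())
    signed_info = ET.fromstring(
        f'<SignedInfo xmlns="{DS}">'
        '<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
        f'<SignatureMethod Algorithm="{DS}hmac-sha1"/>'
        f'<Reference URI=""><Transforms><Transform Algorithm="{DS}enveloped-signature"/></Transforms>'
        f'<DigestMethod Algorithm="{DS}sha1"/><DigestValue>{digest}</DigestValue></Reference></SignedInfo>')
    sig = ET.Element(f"{{{DS}}}Signature")
    sig.append(signed_info)
    mac = hmac.new(HMAC_KEY, c14n(ET.tostring(signed_info, encoding="unicode")), hashlib.sha1).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = b64(mac)
    root = ET.fromstring(xml_text)
    root.append(sig)
    return ET.tostring(root, encoding="unicode")

def verify_enveloped(signed_xml):
    sig = ET.fromstring(signed_xml).find(f"{{{DS}}}Signature")
    signed_info = sig.find(f"{{{DS}}}SignedInfo")
    digest = b64(hashlib.sha1(c14n(enveloped_transform(signed_xml))).digest())
    mac = b64(hmac.new(HMAC_KEY, c14n(ET.tostring(signed_info, encoding="unicode")), hashlib.sha1).digest())
    return (hmac.compare_digest(signed_info.findtext(f".//{{{DS}}}DigestValue") or "", digest)
            and hmac.compare_digest(sig.findtext(f"{{{DS}}}SignatureValue") or "", mac))
```

verify_enveloped() recomputes both the reference digest (over the document with the signature stripped) and the HMAC over the canonicalised SignedInfo; changing any byte of the signed content fails the first check.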
 
3.4 Keying Information

The required KeyValue element was interoperably supported by all
implementations.  The recommended RetrievalMethod element was
interoperably supported by Baltimore, IBM, NEC, and RSA.
 
3.5 Transforms

Interoperable support of the three Transform algorithms and the
recommended extension to one algorithm, as specified in the standard,
is as follows:

XSLT (optional):
    Baltimore, IBM, Microsoft, NEC
XPath (recommended):
    Baltimore, Fujitsu, IAIK, IBM, Microsoft, NEC, RSA
here() function (an addition to XPath) (recommended):
    Baltimore, IAIK, IBM, NEC, RSA
Enveloped Signature Transform (required):
    All organizations (see also 3.3 above).
 
3.6 Manifest Element

Baltimore, Done, Fujitsu, IAIK, IBM, NEC, and RSA interoperably
support digest generation and validation for this optional element.
3.7 Miscellaneous

All implementations interoperably supported base64 encoding.

All implementations interoperably supported laxly schema valid
Signature element generation.
Summary

All defined features and options are supported by multiple
independent interoperable implementations except for Minimal
Canonicalization, which has been dropped from the internet-draft that
is the candidate for Draft Standard.
 
Author's Address

Donald E. Eastlake 3rd
Motorola
155 Beaver Street
Milford, MA 01757 USA

Telephone:   +1-508-634-2066 (h)
             +1-508-261-5434 (w)
FAX:         +1-508-261-4447 (w)
EMail:       Donald.Eastlake@motorola.com