[KEYPROV] PSKC's use of default values

"Anders Rundgren" <anders.rundgren@telia.com> Mon, 10 November 2008 19:55 UTC


I believe I have mentioned this before, but I didn't get any response, so I'll try again.

There is a cool feature in XML Schemas that allows you to specify default values.
The not-so-cool side effect is that signatures tend to break when you use this feature.

Why?

When you generate XML you usually do not use a schema; you just write it.
The signature generation part does not know the schema either, which means that defaults are not
emitted (well, that was, I guess, the whole point of defaults anyway).

When you parse XML under the control of a schema, you get the defaults filled in.  If you verify
signatures on the DOM tree that may be the result of the read operation, it will fail.

That is, if you want to keep defaults, you should probably add a paragraph telling the "signer" to
always fill in the right ("canonicalized") data and not depend on the defaults; otherwise the
"verifier" will be in trouble.

Another reference:
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2005OctDec/0017.html

Anders
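
A worked illustration of the mismatch described in the message above, added here as an example and not part of the original post. It uses only Python's standard library, so the schema-validating parser is simulated: SCHEMA_DEFAULTS is a constructed stand-in for xs:attribute default="..." declarations on a PSKC-like container, and a SHA-256 over the Canonical XML form stands in for the signed digest.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed PSKC-like sample: the signer omits the attributes that the
# (hypothetical) schema declares with default values.
SIGNED_XML = (
    '<KeyContainer Version="1.0">'
    '<Key Id="k1"><Data><Secret>00112233</Secret></Data></Key>'
    '</KeyContainer>'
)

# Hypothetical stand-in for xs:attribute default="..." declarations.
SCHEMA_DEFAULTS = {
    "Key": {"Algorithm": "HOTP"},
    "Data": {"Encoding": "BASE64"},
}

def c14n_digest(xml_text):
    """SHA-256 over the Canonical XML form; stands in for the signed digest."""
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def parse_without_schema(xml_text):
    """Non-validating parse and re-serialise: defaults are never materialised."""
    return ET.tostring(ET.fromstring(xml_text), encoding="unicode")

def parse_with_schema(xml_text):
    """Simulate a schema-validating parser: defaulted attributes get filled in."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        for name, value in SCHEMA_DEFAULTS.get(elem.tag, {}).items():
            elem.attrib.setdefault(name, value)
    return ET.tostring(root, encoding="unicode")

def verify(signed_digest, received_xml):
    """Verifier recomputes the digest over whatever its own parser produced."""
    return c14n_digest(received_xml) == signed_digest

def signer_relies_on_defaults():
    """Signer signs the terse form; a schema-aware verifier sees extra attributes."""
    digest = c14n_digest(SIGNED_XML)
    return verify(digest, parse_with_schema(SIGNED_XML))  # False: digest mismatch

def signer_emits_defaults():
    """Mitigation from the message: materialise every default before signing, so
    validating and non-validating verifiers both see the same canonical data."""
    explicit = parse_with_schema(SIGNED_XML)  # signer fills in defaults itself
    digest = c14n_digest(explicit)
    return (verify(digest, parse_with_schema(explicit)),
            verify(digest, parse_without_schema(explicit)))  # (True, True)
```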

_______________________________________________
KEYPROV mailing list
KEYPROV@ietf.org
https://www.ietf.org/mailman/listinfo/keyprov