2.6.9 XML Digital Signatures (xmldsig) bof

Current Meeting Report

Reported by Rohit Khare:
Edited by Donald Eastlake

Rohit Khare * March 16, 1999 * 9:00 AM

XML DSIG BoF Meeting Notes

Donald Eastlake presented a proposed 1 hour agenda (see slides). Turns out we were actually sceduled for 2 hours and used almost all that tiime.

Eric Riscola opened with a concern that several groups have tread before here -- but that there are also new concepts on the table here (header-signature, parallel blocks, etc)

Donald Eastlake presented a proposed layering:
OTHER groups: cert policy, signature semantics, etc
XMLDSIG group: signature syntax, XML hashing

Dave Solo -- there's something in between that speaks to "behavior" and which is critical to interoperabilty -- e.g. what happens when pieces start failing (successive or embedded signatures) -- e.g. if I'm processing attributes (behavior of signatures tied to the xml tag sets, not just signing it opaquely). So perhaps we shouldn't rush ahead so soon in the BoF.

Hiroshi Marayuma <maruyama@jp.ibm.com> from IBM Tokyo presented DOMHash for IBM's XML4Java toolkit. Tool kit is available from alphaworks at http://www.alphaworks.ibm.com. See Slides.

Question: so this is a hash of hashes ( a hash tree)?
A: yes; the API produces a hash for each element, then hashes over the child elements.

Question: (DSolo) you're eliding information on comments, etc -- what if I need a signature will all the information, not just the structure of the XML document.
A: XML DOM specification says DOM processors need not send comments up and a cannoncialization that any conformant DOM implementaiton supports is desireable..

There's also an XML Tree Diff tool, based on this hash API, which obtains the minimum edit distance between two DOM trees.

Eric Riscola (EKR): wait, if you want diff, you *definitely* want to keep the full text (comments, etc) around. Some of this stuff is handled in ASN.1, the same conflict between the canonical rep and the on-the-wire rep. It's been very unpleasant to work with an abstract representation -- why not a canonical string format?

Rohit Khare: The XML std is only *about* structure.

Comment: The WAP forum has defined a canonical form: WBXML.

EKR: from a security perspective, what's the point of hashing hashes vs. a byte stream.

Comment: this allows you to recompute minor edits quickly.

EKR: this is not a common case; most of the time you want to sign a whole document, once.

Donald Eastalke: procedural point: Let's not do technical design at this BoF. The point is that there *are* different surface strings for the "same" XML.

Next "speaker": Richard D. Brown's xml-dsig draft (not physically present due to snow storm). See slides.

Dave Solo: should we be co-specifying a hash and a canonicalization functions, or just a pure canonicalization algorithm?

JReagle: XML Syntax Working Group has defined requirements for XML surface string canonicalization

Rohit Khare: and what of the XML Internal Set WG, its canonical in-memory complement?

Brown's overall structure also specifies how to encode *a signature block* in XML (Signature tag with Manifest and Value (usually. base-64 signature data) subtags).

Denis Pinkas (sp?):
1) can your sign part of the document (a signature at the XML level) -- if you can only sign the whole document
2) are we going to handle "electronic signature", too -- not just asymmetric mechanisms, symmetric sealing, but also formats for e-signing more than XML?

Donald Eastlake: a standard in this space pretty much must address signing-by-parts. It is useful to have a standard for hashing alone, sig syntax without sig algorithms and policy, and there would, I suppose, also be value in a syntax for policy. My suggestion is a fairly focused short-term project, coming out of the Trade wg's need to sign and encapsulate document pieces

Ian King: This wg's agenda seems to have 3 parts: how to hash; a structure/syntax for how to encode the hash; how does this fit with XML's parts, links, etc.

Q: Why do we need more than 1 canonicalization format? dee3
A: some channels put constraints like, say UTF-7... are you saying there should only be one such function?
EKR: yes.

Todd Vincent: Legal XML working group (non-IETF) formed by 18 folks; we definitely feel there's a need for this WG.

EKR: there are a number of flaws in draft-brown... (various technical points)
Answer: Some of these have already been fixed, others still debatable.

Donald Eastlake presented a slide of Milton Anderson's FTSC suggestions (e.g. criticality flag)

Rob Frye: doesn't this smack of semantics?
A: it only seems Anderson wants a place to put this information.

comment: does this open a patch attack?
a: not really, it would be signed in.

Solo: it's a bad idea: experience in DMS was to remove it.
dee3: my bias is that people should have places to put things if they're really determined.
EKR: I reinforce dave. This bogs down every new attribute with a debate over 'criticality'.

dee3: recall the only core sig attribute specified in the brown draft so far is time-of-signature. FSTC e-check itself wants to add proprietary stuff like location.
EKR: pkix and smime show signs of precisely this kind of bloat.

W3C will have a workshop in this space April 15-16.

Eric Riscola: why ietf rather than W3C?
Donald Eastlake: The IETF has more experience at this lower level and a light(er) weight process. However, it will be essential to coordinate with W3C.

Mark Day: the usual model is that W3C develops stuff; some of it is deemed mature enough to transition over to another, larger or better-trained body like IETF. To my memory it hasn't gone the other way around.

jreagle: coordination is the key

ekr: the real problem, indeed, is coordinating the media type with the latest security technology. Less security expertise is needed; instead, it's a very, very XML-heavy problem suited to W3C

jreagle: and RDF-heavy, too.

balding buzzcut guy (:-): well, if you want parts, use *mime* to slice into multiparts.
Donald Eastlake: yes, the brown draft does have hooks for external references and specifies simple packaging. The W3C plans to have a packaging activity.

Donald Eastlake: presented the draft charter (see slide). Very aggressive milestones. Want to submit final I-Ds by August. Expecting lots of small changes, not hugely different choices.

buzz-cut: there's an Application Area tendency to issue requirements documents these days.
Donald Eastlake: Yes, that could be done as a first step

Ian King: we need more specificity, break it down to detailed tasks. We need to contact more users (more than just financial and legal)

Mark Day: at a minimum, the milestones should refer to W3C's workshop
Donald Eastlake: Charter is unlikely to be approved until after the W3C workshop. W3C is an association of companies while IETF is one of individuals.

Jreagle: yes, the wshop is very similar to this bof; a superset agenda of sorts, canonicalizing XML and RDF, links, processing composites, international policy, and client-signed XML

Jim Galvin: this sounds a lot like a competition, semi-facetious though it sounds. I don't think 'coordination' is called for, these are two groups doing the same thing.

Rohit Khare: we need to rule out-of-scope the kind of user-layer stuff such as XFDL (graphic positioning of form elements), verifying form POSTed url-encoded data. Charter could use some non-goals, too.

buzz-cut: if this is just an xml-specific thing, there are other venues with more xml expertise. "show me what differentiates this from w3c" -- I suspect charter language binding this effort to other IETF working groups (like TRADE, or relates to S/MIME)

JReagle: I recommend using namespaces to break out parts of the problem (semantics, etc).

Barbara Fraser: we can't make these distinctions today.

Jim Galvin: why do we care if other groups have xml applications calling for signatures.
Answer: In the IETF there's vCard and other apps, too, ya know. Makes it valuable to have a digital signature standard early on in the process.

legal sig guy: we've been having the same forum-shopping debate. I like having ietf's dsig experts and its greater accessiblity and openness. but I don't think it should be both IETF and W3C.

comment: our company has a dozen different XML apps and they're all pursuing different ds strategies

Rohit Khare: to state the obvious: you don't get ietf involvement for free -- let the "experts" vote with their feet.

Bill Flanigan: why not have a second bof in Oslo -- what would be the functional difference than having a half-baked charter -- just let time move on.
Answer: a goal of being a real WG is to raise profile, get involvement.

JSchiller: there's a new rule: ONE BoF. I'd like to leave here *today* with a sense of direction, even if charter details are left to the list.

Donald Eastlake: I agree the current charter is pretty generic and could be made more specific.

STRAW POLL: unanimous consent that a standard in this area would be a "good thing".

Paul Lambert: I'm not as comfortable ceding the whole area to W3C in the conditional-scenario.

Mark Day: we could have a second BoF in Oslo on "what W3C wants to hand off".

Donald Eastlake: I'd rather be prepared to carry the torch on the condition W3C is "not opposed" to IETF doing it. Poll: 40+ positive, 3-4 against. How many would actively participate in an IETF WG?
Poll: about 40+.

STRAW POLL on urgency: seems 3-1 for urgency, about 1/3 voting. (urgency means IETF Proposed Standard or W3C Recommedation out by end of calendar 1999.)

W3C's Connolly speaks: XLink is still work in progress. Do you expect this dependency to persist in your draft?
RK: DAV's experience required reference-by-copy while it was still W3C's work in progress.