Mark Nottingham wrote:


On 07/07/2005, at 11:36 AM, Paul Hoffman wrote:

At 10:23 AM -0400 7/7/05, Mark Nottingham wrote:

Are we specifying exclusive c14n with or without comments? My preference would be without.


Without. That is explicitly the default for <http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/>.


Where does it state that explicitly? There are two identifiers in section four; it would be best to reference the spec and the applicable identifier by name.

+1


As I understand it, inherited xml:lang and xml:base attributes aren't signed when you're using exclusive c14n. If we ended up allowing per-entry signatures, we need to give guidance that xml:lang and xml:base should be explicitly included in the signed content if they are important.


Why? We are signing bags of bits. Why add those from the outside?


Exclusive canonicalisation itself says, in section 5.1:

applications must carefully specify the XML (i.e., source, fragment, and target) or define the node-set processing (i.e., removal, replacement, and insertion) with respect to default namespace declarations (e.g., xmlns="") and XML attributes (e.g., xml:lang, xml:space, and xml:base).

Imagine that you sign an entry that relies on a feed-level xml:base of "http://www.example.com/". If you exclusively canonicalise, an attacker could introduce an xml:base of "http://www.evil-attacker.net/" into the signed entry without invalidating the signature, effectively rewriting all of the URIs inside it. Similar problems would occur with xml:lang, since we depend heavily on it (although I see xml:base as a more serious problem).

Good catch. I had missed this when I was looking at ex-c14n. +1 on needing to explicitly state that xml:lang and xml:base and default namespace declarations


It may be helpful to give guidance about the usage of the InclusiveNamespaces PrefixList, especially with default namespaces.


The whole purpose of using exclusive XML is to not need to guess about what is and is not in the bag of bits being hashed.


Right. People need to understand the implications of including or excluding particular pieces of information from that bag, as per above.

+1

- James
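Added example (not part of the thread, and not code from any of the participants): a small Python model of Mark's point above, showing why a per-entry signature under exclusive c14n does not cover a feed-level xml:base, and that copying xml:base onto the entry (the guidance proposed above) makes it part of the signed octets. The inclusive/exclusive distinction is modelled on top of the standard library's C14N 2.0 serialiser, so this is not a conformant exc-c14n implementation; the sample feed, `FEED_TEMPLATE`, the helper names, and the assumption that xml:base values are absolute are all my own constructions.

```python
"""Model of the inherited-xml:base problem with per-entry signatures.

Exclusive canonicalisation renders only the signed subtree, so xml:* attributes
declared on ancestors (for example a feed-level xml:base) are not part of the
canonical octets; inclusive canonicalisation renders them on the apex element.
This file models that single rule on top of ElementTree's C14N 2.0 serialiser.
It is NOT a conformant exc-c14n implementation and must not sign real feeds.
"""
import copy
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

XML_NS = "http://www.w3.org/XML/1998/namespace"
XML_BASE = "{%s}base" % XML_NS
ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample feed: the entry's relative link depends on the feed-level xml:base.
FEED_TEMPLATE = (
    '<feed xmlns="http://www.w3.org/2005/Atom" xml:base="{base}">'
    "<title>Example feed</title>"
    "<entry><id>urn:uuid:constructed-entry-id</id><title>Hello</title>"
    '<link href="entries/hello"/></entry>'
    "</feed>"
)


def _ancestors(root, elem):
    """Yield the ancestors of elem, nearest first (ElementTree has no parent links)."""
    parents = {child: parent for parent in root.iter() for child in parent}
    node = parents.get(elem)
    while node is not None:
        yield node
        node = parents.get(node)


def inherited_xml_attrs(root, elem):
    """xml:* attributes in scope on elem that come from an ancestor; nearest wins."""
    found = {}
    for ancestor in _ancestors(root, elem):
        for name, value in ancestor.attrib.items():
            if name.startswith("{%s}" % XML_NS) and name not in elem.attrib:
                found.setdefault(name, value)
    return found


def canonical_octets(root, elem, exclusive):
    """Model canonical form of the subtree rooted at elem.

    exclusive=True  -> only what is inside the subtree (exc-c14n behaviour)
    exclusive=False -> inherited xml:* attributes are rendered on the apex (c14n)
    """
    apex = copy.deepcopy(elem)
    if not exclusive:
        for name, value in inherited_xml_attrs(root, elem).items():
            apex.set(name, value)
    serialized = ET.tostring(apex, encoding="unicode")
    # C14N 2.0 orders attributes and namespace declarations deterministically.
    return ET.canonicalize(serialized).encode("utf-8")


def entry_digest(feed_xml, exclusive):
    """SHA-256 of the canonical octets a per-entry signature would cover."""
    root = ET.fromstring(feed_xml)
    entry = root.find(ATOM + "entry")
    return hashlib.sha256(canonical_octets(root, entry, exclusive)).hexdigest()


def effective_link(feed_xml):
    """URI a consumer resolves for the entry's link, honouring the xml:base in scope.
    Assumes absolute xml:base values, so the nearest one wins outright."""
    root = ET.fromstring(feed_xml)
    link = root.find(ATOM + "entry").find(ATOM + "link")
    base = link.get(XML_BASE) or inherited_xml_attrs(root, link).get(XML_BASE, "")
    return urljoin(base, link.get("href"))


def entry_pins_xml_attrs(feed_xml):
    """The check proposed in the thread: does the entry itself declare every
    xml:* attribute it relies on?  False means exc-c14n would leave some out."""
    root = ET.fromstring(feed_xml)
    return not inherited_xml_attrs(root, root.find(ATOM + "entry"))


def pin_xml_base(feed_xml):
    """Mitigation: copy in-scope xml:* attributes onto the entry before signing."""
    root = ET.fromstring(feed_xml)
    entry = root.find(ATOM + "entry")
    for name, value in inherited_xml_attrs(root, entry).items():
        entry.set(name, value)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    good = FEED_TEMPLATE.format(base="http://www.example.com/")
    bad = FEED_TEMPLATE.format(base="http://www.evil-attacker.net/")
    for mode, label in ((True, "exclusive"), (False, "inclusive")):
        same = entry_digest(good, mode) == entry_digest(bad, mode)
        print(label, "c14n: entry digest unchanged by feed-level xml:base?", same)
    print("link resolves to:", effective_link(good), "vs", effective_link(bad))
    print("entry pins xml:*?", entry_pins_xml_attrs(good),
          "-> after pinning:", entry_pins_xml_attrs(pin_xml_base(good)))
```

Run as a script it prints that the exclusive digests of the two entries are identical although their links resolve to different hosts, while after `pin_xml_base` the digests diverge. `entry_pins_xml_attrs` is the check a signer or verifier could apply before trusting an entry-level signature: if it returns False, some xml:* attribute the entry depends on lives outside the signed subtree.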
